Re: [OFFTOPIC] Re: [PATCH] Single user linux

CaT (cat@zip.com.au)
Wed, 25 Apr 2001 00:59:33 +1000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: willy tarreau: "Re: capabilities carried over execve()"
Previous message: Alan Cox: "Re: [OFFTOPIC] Re: [PATCH] Single user linux"

On Tue, Apr 24, 2001 at 04:49:57PM +0200, Pjotr Kourzanoff wrote:
> > use port 2525 as SMTP port in your MTA. I've succeed to setup such a
> > configuration.
>
> This requires you to ensure that your MTA is started first on that
> port...Might be difficult to achieve reliably in an automatic way
> without root privileges :-(
>
> mailuser@foo% /etc/rc.d/init.d/sendmail stop
> badguy@foo% ./suck 2525
> mailuser@foo% /etc/rc.d/init.d/sendmail start

Not necessarily. While I have no yet used the feature, iptables
permits firewalling on userid. I presume this includes wether or
not a program can listen on a port, right? (and all the other
fun things).

If so then all you'd have to do is deny external access to port 2525
and only permit mailuser to listen etc on it and you're set.

-- CaT (cat@zip.com.au) *** Jenna has joined the channel. <cat> speaking of mental giants.. <Jenna> me, a giant, bullshit <Jenna> And i'm not mental - An IRC session, 20/12/2000

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: willy tarreau: "Re: capabilities carried over execve()"
Previous message: Alan Cox: "Re: [OFFTOPIC] Re: [PATCH] Single user linux"