• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Problems listening on a privileged port
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problems listening on a privileged port


  • Subject: Re: Problems listening on a privileged port
  • From: "Duane Murphy" <email@hidden>
  • Date: Tue, 2 Oct 2007 19:30:23 -0700

--- At Tue, 2 Oct 2007 21:41:22 -0400, Kent Sorensen wrote:

>	I need to listen for incoming connections on port 59. I am using the
>MoreSecurity sample code from  MoreIsBetter which has an example on how
>to use a privileged helper tool to bind to a low numbered port.
>
>This works fine, and I can get a filedesc back from the tool, but when
>I try to do a listen() in my application, it fails with errno =
>ENOTSOCK
>
>I have verified that the value of the filedesc in the application is
>the one that the tool returns.

Heh, then you did something wrong. The file descriptor will almost
certainly have a different number. Usually the tool file descriptor will
be low because you haven't opened many files, but the descriptor in the
application will be a higher number. The file descriptor will be mapped
into the file descriptors for your application.

You have to use sendmsg() and recvmsg() to pass the file descriptor back
to the parent application. If you follow MoreSecurity() it should work
just fine.

>If I do the listen() inside the privileged tool it succeeds, even if I
>do it after the point where the non-privileged UID has been restored
>
>I was under the impression that it was only bind() that was a protected
>operation, but it appears that there's something (probably a lot) that
>I don't understand about this problem.

I don't think bind() is even protected, it's just open() that's
protected. Once you have the socket open you can do what ever you want.
Hence open() has to be protected.

If you can get your hands on Steven's "Unix Network Programming" Volume
1, the section is Passing Descriptors. (I still have a book mark at that
section!)

 ...Duane

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

  • Follow-Ups:
    • Re: Problems listening on a privileged port
      • From: Quinn <email@hidden>
References: 
 >Problems listening on a privileged port (From: Kent Sorensen <email@hidden>)

  • Prev by Date: Problems listening on a privileged port
  • Next by Date: Re: Method for determining wireless connection type
  • Previous by thread: Problems listening on a privileged port
  • Next by thread: Re: Problems listening on a privileged port
  • Index(es):
    • Date
    • Thread