by parenthephobia
3765 days ago
> ...no. Privileged ports are a way to prevent an unprivileged user from turning a service crash into a service takeover.

Whilst privileged ports are indeed used for that purpose, that doesn't mean they aren't a wart. There's no necessary technical reason why unprivileged users can't bind to port 80, except that the designers of the network API decided to equate successfully binding to a port with having permission to receive connection requests for that port. This leads to unpleasant situations like a web server having to run as root, even if (usually) only temporarily, solely because it needs to bind port 80.

This makes less sense especially with Docker, since even if a containerized web server binds to port 80, it won't receive connections from the outside world unless the container is configured to forward the "real" port 80 to it.
|
Not on modern Linux. See CAP_NET_BIND_SERVICE in `man 7 capabilities`.
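An added example, not part of the thread: a small C audit helper that reads the `CapEff` mask Linux exposes in `/proc/<pid>/status` and tells apart a server holding only CAP_NET_BIND_SERVICE from one holding a broader, root-like set. The function names and the sample status excerpts are constructed for illustration.

```c
/* Added example: classify a process by the CapEff mask in /proc/<pid>/status. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NET_BIND_BIT 10 /* CAP_NET_BIND_SERVICE in <linux/capability.h> */
enum { BIND_UNKNOWN = -1, BIND_NONE, BIND_CAP_ONLY, BIND_BROAD };

/* Constructed status excerpts (hypothetical, not captured from a real host). */
const char SAMPLE_CAP_ONLY[] = "Name:\thttpd\nCapPrm:\t0000000000000400\nCapEff:\t0000000000000400\n";
const char SAMPLE_ROOT[]     = "Name:\thttpd\nCapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\n";
const char SAMPLE_UNPRIV[]   = "Name:\thttpd\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n";

/* Find the line that starts with `field` and parse its hex mask; 0 on success. */
int parse_cap_field(const char *status, const char *field, uint64_t *out)
{
    size_t flen = strlen(field);
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, field, flen) == 0) {
            char *end;
            unsigned long long v = strtoull(p + flen, &end, 16);
            if (end == p + flen) return -1;   /* no hex digits after the field */
            *out = (uint64_t)v;
            return 0;
        }
        p = strchr(p, '\n');                  /* advance to the next line */
        if (p) p++;
    }
    return -1;
}

/* BIND_CAP_ONLY: may bind ports below 1024 and holds no other capability. */
int classify_bind_privilege(const char *status)
{
    uint64_t eff, bit = 1ULL << NET_BIND_BIT;
    if (parse_cap_field(status, "CapEff:", &eff) != 0) return BIND_UNKNOWN;
    if (!(eff & bit)) return BIND_NONE;
    return eff == bit ? BIND_CAP_ONLY : BIND_BROAD;
}

int main(void)
{
    char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) { perror("/proc/self/status"); return 1; }
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    printf("bind privilege class: %d\n", classify_bind_privilege(buf));
    return 0;
}
```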