How can I bind() to a port number < 1024?

  From Andrew Gierth (andrew@erlenstar.demon.co.uk):

  The restriction on access to ports < 1024 is part of a (fairly weak)
  security scheme particular to UNIX. The intention is that servers (for
  example rlogind, rshd) can check the port number of the client, and if
  it is < 1024, assume the request has been properly authorised at the
  client end.

  The practical upshot of this is that binding a port number < 1024 is
  reserved to processes having an effective UID == root.

  This can, occasionally, itself present a security problem, e.g. when a
  server process needs to bind a well-known port, but does not itself
  need root access (news servers, for example). This is often solved by
  creating a small program which simply binds the socket, then restores
  the real userid and exec()s the real server. This program can then be
  made setuid root.
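
The wrapper described above, as an added example in C; it is not part of the original FAQ and not Andrew Gierth's code. The port (119, NNTP), the server path /usr/local/sbin/newsd and the convention of handing the listening socket to the server on descriptor 3 are assumptions made for illustration.

```c
/* Added example: setuid-root wrapper that binds a port below 1024,
 * returns to the real user, then exec()s the unprivileged server. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define LISTEN_PORT 119                      /* assumption: NNTP */
#define SERVER_PATH "/usr/local/sbin/newsd"  /* hypothetical server binary */

/* Bind and listen on a TCP port; returns the socket or -1. */
int bind_tcp_port(unsigned short port)
{
    struct sockaddr_in sa;
    int on = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permanently return to the real gid/uid; group first, while still root. */
int drop_privileges(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* When started by a non-root user, regaining root must now fail. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) return -1;
    return (geteuid() == uid && getegid() == gid) ? 0 : -1;
}

int main(void)
{
    char *const args[] = { (char *)SERVER_PATH, NULL };
    int fd = bind_tcp_port(LISTEN_PORT);     /* the only step that needs euid 0 */
    if (fd < 0) { perror("bind"); return 1; }
    if (drop_privileges() != 0) { fputs("cannot drop privileges\n", stderr); return 1; }
    if (fd != 3) { if (dup2(fd, 3) < 0) return 1; close(fd); }  /* assumed: server uses fd 3 */
    execv(SERVER_PATH, args);                /* fixed absolute path, no PATH search */
    perror("execv");
    return 1;
}
```

The port and server path are compiled in rather than taken from the command line, so the setuid binary cannot be used to bind an arbitrary privileged port.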


