sockfs version alpha2 - permissions filesystem for privileged sockets

Copyright (c) 1997-1998, Malcolm Beattie

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version.

sockfs is a pseudo-filesystem which allows the setting of owner, group and permissions for each reserved internet-domain port (i.e. family AF_INET, ports 1-1024). When mounted, directory entries for each reserved port appear (named 1, 2, 3, etc., rather like the procfs entries for each process named by PID).

The filesystem replaces the kernel privilege check for binding reserved ports. Instead of the default check which allows only root to bind to reserved ports, it checks whether the appropriate entry in the sockfs filesystem is writable by the process attempting the bind(). Owner, group and "other" bits are checked just as for ordinary file permission checks. The superuser (in fact, the fsuser just as for ordinary filesystems) is always granted permission.

The filesystem allows the owner, group and permission bits to be changed by whoever has write access to the root of the mounted filesystem (usually root alone). The filesystem can be configured either to have the privilege check restored to the default one at unmount time or to preserve the permissions across mount/unmount (in which case the permissions check only reverts when the filesystem module is unloaded).

INSTALLATION

(1) Extract the files from the sockfs distribution anywhere away from the kernel source tree. Apply the enclosed patch sockfs.patch to your kernel. The patch was made against 2.0.35. Slight changes made in the networking code between 2.0.29 and 2.0.32 will probably stop this patch applying to earlier kernels, although it should be pretty easy to fix up.

    cd /usr/src/linux
    patch -p1 < /foo/bar/sockfs.patch

(2) Rebuild your kernel with the new patch applied (and maybe rebuild your modules too in case module versioning kicks in).

(3) cd back to the sockfs directory and type

    make

The make will probably bomb out when it tries to symlink the module into the kernel source tree somewhere (a side effect of the hack used to persuade the kernel's makefiles to allow a build away from the kernel source tree). However, it should have built the module sockfs.o by that time, which is all you need. If the Makefile doesn't work then take a look at the file "build" which contains the three commands necessary for one of my configurations to build it.

(4) Put the sockfs.o module in an appropriate place (for example, /lib/modules/2.0.35-2/net/sockfs.o if you're using kernel 2.0.35 release 2 on a Red Hat 5.1 system) and reboot on the new kernel.

USAGE

You can decide at module-load time whether you want the new-style permission checks to persist across umount/mount (until rmmod time) or whether you want the permission checks to revert to the default each time the filesystem is unmounted. To do the former, load the module with

    # insmod sockfs.o permanent=1

To do the latter, omit the permanent=1 argument.

Now mount the filesystem somewhere: /sockfs is a good bet.

    # mount -t sockfs sockfs /sockfs

If you now do

    # ls /sockfs

you'll see an entry for each reserved port. You can use chown, chgrp and chmod to make any given reserved port available for binding by a given user/group. The permissions check for binding looks only for writability of the entry: the other bits (readable, executable, setuid, setgid and sticky) are not used by the permissions check but are stored as-is by the filesystem.

One final technicality: the filesystem needs only 6K to store the owner/group/mode information (1024 structures each holding a uid_t, gid_t and mode_t). Usually, the module delays allocating the memory until the filesystem is mounted. If your memory is severely fragmented, the allocation could fail. In fact, this is very unlikely but future versions of the filesystem may cope with other socket families or such like. You can append the argument alloc_now=1 to the insmod command to force the module to allocate the necessary memory at module-load time instead of delaying until the filesystem is mounted.

CHANGE HISTORY

21 Oct 1998  Version alpha2
    alpha1 turned out to be a bit broken. This one may be better, although I haven't even compiled it so, then again, it may not be.

16 Sep 1997  Version alpha1

Malcolm Beattie
mbeattie@sable.ox.ac.uk
21 October 1998
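
The bind check described above (writability of the port's entry, evaluated like an ordinary file permission check, with fsuid 0 always allowed), modelled in user-space C. This is an added example, not code from the sockfs distribution: the struct layouts, may_bind() and set_port() are hypothetical names, and the all-zero initial table (root-owned, mode 0) is an assumption.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

#define NPORTS 1024   /* entries named 1..1024, the range the README gives */

/* Hypothetical layouts: one owner/group/mode record per port, and the
 * credentials of the process calling bind(). */
struct port_perm { uid_t uid; gid_t gid; mode_t mode; };
struct cred { uid_t fsuid; gid_t fsgid; const gid_t *groups; int ngroups; };

/* Assumed initial state: zeroed, i.e. root-owned with mode 0 (root only). */
static struct port_perm table[NPORTS + 1];   /* indexed by port; slot 0 unused */

static int in_group(const struct cred *c, gid_t gid)
{
    if (c->fsgid == gid) return 1;
    for (int i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid) return 1;
    return 0;
}

/* Returns 1 if bind() to `port` would be permitted, 0 if refused. */
int may_bind(const struct cred *c, int port)
{
    if (port < 1 || port > NPORTS) return 1;   /* outside the range sockfs covers */
    if (c->fsuid == 0) return 1;               /* fsuser is always granted */
    const struct port_perm *p = &table[port];
    mode_t bit;
    /* As for ordinary files, exactly one class is consulted: owner first. */
    if (c->fsuid == p->uid)       bit = S_IWUSR;
    else if (in_group(c, p->gid)) bit = S_IWGRP;
    else                          bit = S_IWOTH;
    return (p->mode & bit) != 0;               /* only the write bit matters */
}

/* Stands in for chown/chgrp/chmod on the port's entry. */
void set_port(int port, uid_t uid, gid_t gid, mode_t mode)
{
    if (port >= 1 && port <= NPORTS)
        table[port] = (struct port_perm){ uid, gid, mode };
}

int main(void)
{
    gid_t web_groups[] = { 33 };               /* constructed sample ids */
    struct cred web = { 1000, 1000, web_groups, 1 };
    set_port(80, 1000, 33, 0060);              /* owner has no write bit */
    printf("mode 0060: %d\n", may_bind(&web, 80));
    set_port(80, 1000, 33, 0600);
    printf("mode 0600: %d\n", may_bind(&web, 80));
    return 0;
}
```

Because only one class is consulted, the owner of an entry with mode 0060 is refused even when that user is also a member of the entry's group, so audit entries by write bit per class rather than by "any write bit set".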