How Can I Bind() To A Port Number < 1024?

1.	How Can I Bind() To A Port Number < 1024?
Answer» The restriction on access to ports &LT; 1024 is part of a (fairly weak) security scheme particular to UNIX. The intention is that SERVERS (for example rlogind, rshd) can check the port number of the client, and if it is < 1024, assume the request has been properly authorized at the client END. The practical upshot of this, is that binding a port number < 1024 is reserved to processes having an EFFECTIVE UID == root. This can, occasionally, itself present a security problem, e.g. when a server process needs to bind a well-known port, but does not itself need root access (news servers, for example). This is OFTEN solved by creating a small program which simply binds the socket, then restores the real userid and exec()s the real server. This program can then be made setuid root.

Answer»

The restriction on access to ports &LT; 1024 is part of a (fairly weak) security scheme particular to UNIX. The intention is that SERVERS (for example rlogind, rshd) can check the port number of the client, and if it is < 1024, assume the request has been properly authorized at the client END.
The practical upshot of this, is that binding a port number < 1024 is reserved to processes having an EFFECTIVE UID == root.
This can, occasionally, itself present a security problem, e.g. when a server process needs to bind a well-known port, but does not itself need root access (news servers, for example). This is OFTEN solved by creating a small program which simply binds the socket, then restores the real userid and exec()s the real server. This program can then be made setuid root.

Discussion