Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
bindprivs 0.6 (c) 1999-2002 by wojtek kaniewski licensed under terms of GPL v2 intro: this little silly kernel module can be used to restrict virtual host to some particular users. read bindprivs.conf(5) and bpset(8) for more details. rmmod issue: before removing the module, you have to use ,,bpset -u'', wait until it is unused (see lsmod's result) and then use ,,rmmod''. if after unusually long time the module is still used, try to look for some network-related processes, strace(1) them and check which ones are stuck on some socketcall like accept(), connect(), send() or recv(). then kill them. the other way is to look for network-related kernel functions in ,,ps -o wchan -o cmd ax''. if you have a ppp session running, send any packet through that link after ,,bpset -u'' to release the module. compilation: if you get lots of errors about conflicting types, add ,,#define _LOOSE_KERNEL_NAMES'' at top of bindprivs.c cvs: cvs -d:pserver:email@example.com:/home/cvs co bindprivs contact: DON'T contact me if you haven't read these docs or your system is broken. if you don't know how to deal with this package, you probably shouldn't be using it, or else you could get hurt. if you've found some mistake, some bug or some strange behaviour, feel free to write. betatesters: - Kuba 'Kooba' Jermak <firstname.lastname@example.org>, - Lam <email@example.com>, - SoboL <firstname.lastname@example.org>. changelog: - 0.6 (2003-06-12) + no complaints, + files put into CVS. - 0.6-beta3 (2002-11-25) + removed no longer needed cleanup_module() code, - 0.6-beta2 (2002-11-23) + cleanups, - 0.6-beta1 (2002-11-21) + serious bug in rule matching found by Lam has been fixed (IPv6 addresses were matched against IPv4 rules and vice versa, so it lead to false results), + gcc 3.x warnings fixed, + documentation fixed. - 0.5 (2002-05-29) + bugfix release, now compiles with grsecurity thanks to Borys Pogore³o <email@example.com>. - 0.4 (2002-05-25) + no one complained, so moving to stable. - 0.4-beta1 (2002-05-08) + kernel tree 2.4 is now supported as well as 2.2. + changed behaviour to check the address before connect(), not while bind()ing. it makes possible to deny even the default address, which is 0.0.0.0/32. + before unloading the module, you should run ,,bpset -u'' to release all future socket operations. + some framework for forcing the address. disabled by default. + updated docs. - 0.3 (2000-10-05) + got rid of kernel 2.0 support (not really needed). + rules configuration from userland. - 0.2 (1999-11-18) + cosmetics (mainly thanks and greets). + fixed `any' address (didn't work). + kernel 2.0 support (thanks to fahren). - 0.1 (1999-11-17) + first public release.