X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=authbind.git;a=blobdiff_plain;f=authbind-helper.8;h=b9c25e8637da2c2636632219ee4db872955f37c4;hp=44291ba4e04277b5d3a914b8ad1d59321f701d9e;hb=177b6e8b804eaf719774eecc6e24a85190a6d89d;hpb=90dfd307e8a43690e45ed10cfca7c8a24aab4137 diff --git a/authbind-helper.8 b/authbind-helper.8 index 44291ba..b9c25e8 100644 --- a/authbind-helper.8 +++ b/authbind-helper.8 @@ -17,14 +17,14 @@ .\" along with this program; if not, write to the Free Software Foundation, .\" Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. .\" -.\" $Id$ -.\" .TH AUTHBIND\-HELPER 8 "30th August 1998" "Debian Project" "Debian Linux manual" .br .SH NAME authbind\-helper \- helper program to bind sockets to privileged ports without root .SH SYNOPSIS -.BI /usr/lib/authbind/helper " addr\-hex port\-hex " < socket +.BI /usr/lib/authbind/helper " addr4\-hex port\-hex " < socket +.br +.BI /usr/lib/authbind/helper " addr6\-hex port\-hex 6 " < socket .SH DESCRIPTION .B helper is the program used by @@ -38,27 +38,30 @@ low-numbered ports in a controlled way. See It may also be used standalone, i.e. without assistance from .BR authbind . Its standard input should be a TCP/IP socket, and it should be passed -two arguments. +two or three arguments. .PP The arguments are the address and port number, respectively, to which -the caller desires that the socket be bound. They should be hex -strings, +the caller desires that the socket be bound, and the address family +(ommitted for IPv4; the fixed string +.B 6 +for IPv6). +.I addr4-hex +and +.I port-hex +should be hex strings, .I without leading .BR 0x , of exactly the right length (8 and 4 digits, respectively), being -a pairs of hex digits for each byte in the address or port number when +a pair of hex digits for each byte in the address or port number when expressed in host byte order. For example, the port argument is the result of something like .B sprintf(arg, .B """%04X"", .BR sin.sin_port) . -.PP -.B helper -will not bind to ports 512 and onwards, because programs like -.B rshd -expect these to be used for outgoing connections, so allowing a user -to bind to one of these would open up security hole(s). +.I addr6-hex +should be a string of 32 hex digits, being a pair for each byte in +the address, in network byte order. .SH EXIT STATUS .B helper will exit with code 0 on success. @@ -82,7 +85,7 @@ for details of the access control regime implemented by .SH AUTHOR .B authbind and this manpage were written by Ian Jackson. They are -Copyright (C)1998 +Copyright (C)1998,2012 by him and released under the GNU General Public Licence; there is NO WARRANTY. See .B /usr/doc/authbind/copyright