X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=authbind.git;a=blobdiff_plain;f=authbind.1;h=8d6c335be462c92ec7343408bdfbace7532904b9;hp=10531b59662dcadeeb89c5feed26c1a205e629b5;hb=a942b07a4483cfa4a5f0a8307e3b6239f7f44998;hpb=3f781654282c8c85317394dfd874483c4321fac1 diff --git a/authbind.1 b/authbind.1 index 10531b5..8d6c335 100644 --- a/authbind.1 +++ b/authbind.1 @@ -23,8 +23,8 @@ .SH NAME authbind \- bind sockets to privileged ports without root .SH SYNOPSIS -.BI authbind " program" -.RI [ argument " ...]" +.BR authbind +.RI [ options "] " program " [" argument " ...]" .SH DESCRIPTION .B authbind allows a program which does not or should not run as root to bind to @@ -35,8 +35,30 @@ You must invoke the program using will set up some environment variables, including an .BR LD_PRELOAD , which will allow the program (including any subprocesses it may run) -to bind to low-numbered (<1024) ports if the system is configured to +to bind to low-numbered (<512) ports if the system is configured to allow this. +.SH OPTIONS +.TP +.B --deep +Normally, +.B authbind +arranges for only the program which it directly invokes to be affected +by its special version of +.BR bind (2). +If you specify +.B --deep +then all programs which that program invokes directly or indirectly +will be affected, so long as they do not unset the environment +variables set up by +.BR authbind . +.TP +.BI --depth " levels" +Causes +.B authbind +to affect programs which are +.I levels +deep in the calling graph. The default is +.BR "--depth 1" . .SH ACCESS CONTROL Access to low numbered ports is controlled by permissions and contents of files in a configuration area, 
@@ -201,6 +223,11 @@ to happen and signal to be delivered. Programs should not rely on standard libraries not doing these things. .PP +Ports from 512 to 1023 inclusive cannot be used with +.B authbind +because that would create a security hole, in conjection with +.BR rshd . +.PP The access control configuration scheme is somewhat strange. .SH FILES AND ENVIRONMENT VARIABLES .TP @@ -226,16 +253,31 @@ If set, forces .B authbind to use its value as the path to the shared library to put in .BR LD_PRELOAD , -instead of the compiled-in value. +instead of the compiled-in value. In any case, unless +.B --deep +was specified, +.B authbind +will set this variable to the name of the library actually added to +.BR LD_PRELOAD , +so that the library can find and remove the right entry. .TP -.I AUTHBIND_NESTED -Do not set this variable. It is set to -.B 1 -by -.B libauthbind -when it invokes the helper program. This allows detection of the -situation where the helper has not been installed setuid, which would -otherwise lead to infinite recursion. +.I AUTHBIND_LEVELS +This variable is set by +.B authbind +to the number of levels left from the +.B --depth +or +.B --deep +option, minus one. It is decremented during +.B _init +by the library on each program call, and the library will remove +itself from the +.B LD_PRELOAD +when it reaches zero. The special value +.B y +means +.B --deep +was specified. .SH SEE ALSO .BR bind (2), .BR authbind\-helper (8),
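Review bot: In the @@ -35,8 +35,30 @@ hunk, the unchanged DESCRIPTION line "which will allow the program (including any subprocesses it may run)" now contradicts the new OPTIONS text, which says that by default only the program authbind directly invokes is affected by its special bind(2). Reword the DESCRIPTION sentence so it says subprocesses are covered only when --deep or --depth is given. The --depth entry should also state what happens when it is combined with --deep, and the option names should be written with escaped hyphens (\-\-deep, \-\-depth), as the NAME line and authbind\-helper already do.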
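Review bot: In the @@ -201,6 +223,11 @@ hunk, "in conjection with" is a typo for "in conjunction with". The paragraph also asserts a security hole without saying what it is. A clause explaining what rshd relies on for ports 512 to 1023 would let an administrator understand why the limit exists, and the "(<512)" in DESCRIPTION could point to this paragraph.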
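Review bot: In the @@ -226,16 +253,31 @@ hunk, deleting the AUTHBIND_NESTED entry removes the only documentation of how a helper that has not been installed setuid is detected before it leads to infinite recursion, and the new text does not say whether that case is still caught or by what means. Keep a sentence describing the replacement check, or state that the condition can no longer arise. In the AUTHBIND_LEVELS entry, "the number of levels left from the --depth or --deep option, minus one" does not fit --deep, which takes no number; describe the numeric case for --depth and the special value y for --deep separately.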