Chow Loong Jin <hyper...@debian.org> writes:

> I think he's referring to allowing processes which require listening to
> a port under 1024 to run without superuser privileges. I believe our
> implementation on Debian (e.g. Apache) is to have the process start as
> root, start listening, and then setuid to an unprivileged user.

For INN, quite some time ago, I wrote a setuid helper program that did nothing but bind the port for its parent process. I know there are a few other implementations of the same idea (I think Ian Jackson has a generic one that's packaged in Debian). I've always been surprised that more long-running daemons that for one reason or another need to set up their own listening ports don't use that technique. I think it's more secure than starting the whole complex daemon as root and then dropping privileges.

It's not completely trivial, since you have to use two different techniques depending on whether the OS uses BSD-style sockets or STREAMS-style sockets (in BSD-style sockets you can bind in the child and the parent sees the results, but with STREAMS-style sockets you pass the file descriptor back to the parent), but it was only 219 lines of C (without comments) for the helper program and another 30 or so for the library to call it, and most of the helper program size is argument parsing and verification.

-- 
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>
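The BSD-style case described in the message above, as an added example that is not part of the original message and is not INN's helper: the daemon creates the socket, a child binds the inherited descriptor, and the parent then sees the bound address on its own copy. The function names are hypothetical, the forked child stands in for the separate setuid helper binary, and port 0 on loopback is used so the sketch runs unprivileged; the STREAMS-style descriptor passing is not shown.

```c
/* Added example. The forked child stands in for the setuid helper (assumption:
 * a real helper is a separate setuid binary that validates port and fd). */
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Helper side: bind the inherited descriptor and do nothing else. */
static int helper_bind(int fd, uint16_t port)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port),
                              .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    return bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0 ? 0 : 1;
}

/* Daemon side: create the socket, have the helper bind it, then listen.
 * Returns the listening descriptor, or -1 on failure. */
int bind_via_helper(uint16_t port)
{
    int status, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    pid_t pid = fork();
    if (pid == 0)       /* child shares the parent's socket object */
        _exit(helper_bind(fd, port));
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)
        || WEXITSTATUS(status) != 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Port the descriptor is bound to, as the parent sees it; 0 if none. */
uint16_t bound_port(int fd)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    return getsockname(fd, (struct sockaddr *)&sa, &len) < 0
        ? 0 : ntohs(sa.sin_port);
}

int main(void)
{
    int fd = bind_via_helper(0);    /* port 0: unprivileged demo value */
    printf("fd=%d port=%u\n", fd, fd < 0 ? 0u : (unsigned)bound_port(fd));
    return fd < 0;
}
```

Only the few lines in `helper_bind` would ever run with elevated privileges; the daemon itself never holds root.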