On Sun, Apr 29, 2001 at 07:19:06AM -0400, Sunny Dubey wrote:
>
> I know that UNIX does it so that normal users can't seem like legit and
> important services, but there surely must be some better way of delegating a
> port below 1024 to a daemon.

*DISCLAIMER* I do not know exactly what I'm talking about. Large grains of salt recommended to aid in digestion.

To the best of my knowledge, root access is only required in order to bind to a privileged port. A process does not need to be running as root in order to communicate using a privileged port.

I believe that this restriction is in place so that a daemon running on a privileged port not only has to have access to the port, but can be protected by stricter access on a system (e.g., having the binaries 0500 and owned root:root.) It's conceivable (to me at least) that a non-root owned file could be compromised by another non-root process, but with your proposal it would still be allowed to bind to a port.

A good example of execute and chuser is Apache. It has to be executed as root, but immediately chuser's to non-root once binding. I suppose there is some risk involved in this scheme, but I'm too caffeine-addled to think of anything now.

inetd should probably be (or has been?) re-written such that it chuser's before exec'ing to remove the dependency on the application acting in a proper manner. I think all of us can agree that an application, especially a daemon servicing the unwashed masses on the net, should run with the minimal permissions required to get the job done.

ftp might be a problem, since I believe all or most daemons run as root until the user is authenticated, then chuser. (This is also where most of the security holes in ProFTP, wu-ftp, and others arise.)

Since we're dreaming pipe dreams, we may as well hope for system call ACLs that would allow a non-root daemon running as uid 'ftpd' to chuser to another non-root uid. I think that some OS's have this ability.

Not everything uses inetd though. Other services (such as http) would still be dependent on quality coding to avoid compromise.

Did I make any sense?

-- 
Brandon High [EMAIL PROTECTED]
The careful application of terror is also a form of communication.