Date: Sun, 24 Nov 1996 04:07:57 +0100 (MET)
From: Mikael Karpberg <karpen@ocean.campus.luth.se>
To: imp@village.org (Warner Losh)
Cc: freebsd-hackers@freebsd.org
Subject: Re: non-root users binding to ports < 1024
Message-ID: <199611240307.EAA06738@ocean.campus.luth.se>
In-Reply-To: <E0vRQto-0003kX-00@rover.village.org> from Warner Losh at "Nov 23, 96 03:50:12 pm"

According to Warner Losh:
> In message <Pine.BSF.3.95.961123150746.5433B-100000@alive.ampr.ab.ca>
> Marc Slemko writes:
[...]
> : I see little room for bugs in the kernel implementation of non-root users
> : binding to ports <1024; there is lots of room for problems in the use of
> : such a feature by programs, but that is really a different issue;
> : probably more important, but different and far more involved.

[Why not have an inetd-like thing which does setuid and forks?]

> Maybe I've missed something here... I don't see a compelling need for
> this facility in the kernel, at least for the most common cases that
> I've seen examples for. I can imagine complex programs desiring some
> way to bind multiple ports, or not have to exit to get back into the
> swing of things.
>
> I'll leave the design issues of sendmail alone as well :-)....

I might be wrong, but doesn't rlogin for example bind to a port < 1024 on
OUTGOING connections, to make itself trustworthy? It's setuid root, and could
be just setuid bindlow or some other normal user, that would just have one
extra permission: To bind to all ports < 1024, special sensitive ports
excluded. I'm sure more programs than rlogin could use that user also.

If someone exploits a security hole in rlogin, they don't get as big an
advantage, since they can only bind to port < 1024, and none of the really
"interesting" ones (telnetd, rlogind, ftpd, etc).

As I see it, any unnecessary privileges to setuid programs is just asking
for trouble.

Now the question: How do we implement such a feature?

I don't know exactly how IPFW works, but wouldn't we do about the same thing
with this feature (I'm guessing ipfw reads commandline data and uses it for
a sysctl)? like:

    /sbin/ipport add deny nobody tcp 1-65000, udp 1-65000
    /sbin/ipport add allow bindlow 30+ except 80, 113, 111, 510-515
    /sbin/ipport add allow smtpuser 25

(Hmm... I don't know... hope you get my meaning :)

This would even allow us to override the default "allow 1024-65000" for some
users.

Maybe also add interface? So that you can allow someone to bind any ports on
an interface which his client machine can connect to, or so.

I can see some interesting uses for a feature like this. Anyone else?

  /Mikael
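
An added example, not part of the original message and not FreeBSD code: one way the per-user bind check proposed above could be evaluated, using the three ipport rules from the message as its table. The struct layout, the name ipport_check, first-match ordering, reading "30+" as 30-1023, ignoring the protocol field and treating root as unrestricted are all assumptions.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical model of the rules sketched in the message. Assumptions:
 * first matching rule wins (ipfw style), "30+" means 30-1023, the
 * protocol is ignored, and root may bind any port. */
enum verdict { DENY = 0, ALLOW = 1 };
struct range { int lo, hi; };          /* lo == 0 marks an unused slot */
struct rule {
    const char *user;
    enum verdict action;
    struct range ports;
    struct range except[4];            /* sub-ranges the rule skips */
};
static const struct rule rules[] = {
    { "nobody",   DENY,  { 1, 65000 }, { { 0, 0 } } },
    { "bindlow",  ALLOW, { 30, 1023 }, { {80, 80}, {113, 113}, {111, 111}, {510, 515} } },
    { "smtpuser", ALLOW, { 25, 25 },   { { 0, 0 } } },
};

static int in_range(struct range r, int port)
{
    return r.lo != 0 && port >= r.lo && port <= r.hi;
}

/* Decide whether `user` may bind `port` under the table above. */
enum verdict ipport_check(const char *user, int port)
{
    if (port < 1 || port > 65535)
        return DENY;
    if (strcmp(user, "root") == 0)
        return ALLOW;
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        const struct rule *r = &rules[i];
        int excluded = 0;
        if (strcmp(r->user, user) != 0 || !in_range(r->ports, port))
            continue;
        for (size_t j = 0; j < 4; j++)
            excluded |= in_range(r->except[j], port);
        if (!excluded)
            return r->action;
    }
    return port >= 1024 ? ALLOW : DENY;   /* traditional default */
}

int main(void)
{
    printf("bindlow:80 -> %d\n", ipport_check("bindlow", 80));
    return 0;
}
```

An excepted port falls through to the default, so bindlow is refused port 80 while still being allowed port 600.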