Date: Mon, 29 Mar 2004 10:40:03 -0800 (PST)
Message-Id: <200403291840.i2TIe3FP081438@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Robert Watson
Subject: Re: misc/64694: UID/GID matching in ipfw non-functional

The following reply was made to PR misc/64694; it has been noted by GNATS.

From: Robert Watson
To: Grant Millar
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/64694: UID/GID matching in ipfw non-functional
Date: Mon, 29 Mar 2004 13:33:21 -0500 (EST)

On Sat, 27 Mar 2004, Grant Millar wrote:

> Here is the ssh socket showing it owned by root;
> sshd 4722 root 5u IPv4 0xdcd94940 0t0 TCP
> 66.90.98.2:ssh->host81-128-227-64.inaddr.btopenworld.com:22804
> (ESTABLISHED)

sshd and httpd sockets are owned by root because these daemons bind the sockets while running with root privilege, and the "owner" of a socket is its creator.
This is a necessary evil for at least a couple of reasons, including the following: a single socket may be referenced by many processes, and therefore there is no notion of a "current process using socket", so the only consistent notion is the creator. This was an intentional design choice by the designers of the sockets API, who chose to represent network endpoints as file-like objects, and the existing UNIX APIs allow file object references to be inherited and transferred from process to process (and be shared).

There's arguably a bug, however, in sshd: while the primary port 22 binding is necessarily created by a root process due to the UNIX notion of privilege, the SSH "forwarded ports" do *not* need to be bound by the root user. It's a bug in sshd that it creates the sockets before switching to the user credential; I've previously reported this bug to the SSH authors but have not seen a response on that.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Senior Research Scientist, McAfee Research
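Added example, not part of the original message and not sshd's code: a C program contrasting the two orderings discussed above, creating a per-user listener before versus after switching credentials. The helper names and the target uid/gid 65534 are hypothetical, and the program assumes a platform where fstat() on a socket reports the creating credential in st_uid (Linux does); fstat() stands in here for the owner a uid-matching firewall rule would see.

```c
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanent switch to uid/gid: groups first, then gid, then uid.
 * setgroups() needs privilege, so it is called only when actually leaving root. */
static int drop_to(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && uid != 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    return (getuid() == uid && geteuid() == uid) ? 0 : -1;
}

/* Hypothetical helper: a forked child opens a loopback listener before
 * (drop_first=0) or after (drop_first=1) switching credentials, and reports
 * the uid fstat() shows as the socket's owner. Returns -1 on error. */
long listener_owner(int drop_first, uid_t uid, gid_t gid) {
    int pfd[2];
    long owner = -1;
    pid_t pid;
    if (pipe(pfd) != 0 || (pid = fork()) < 0) return -1;
    if (pid == 0) {
        struct sockaddr_in sa = { .sin_family = AF_INET }; /* port 0: any free port */
        struct stat st;
        sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
        if (drop_first && drop_to(uid, gid) != 0) _exit(1);
        int s = socket(AF_INET, SOCK_STREAM, 0);   /* owner is fixed here */
        if (s < 0 || bind(s, (struct sockaddr *)&sa, sizeof sa) != 0 ||
            listen(s, 1) != 0) _exit(1);
        if (!drop_first && drop_to(uid, gid) != 0) _exit(1);
        owner = fstat(s, &st) == 0 ? (long)st.st_uid : -1;
        _exit(write(pfd[1], &owner, sizeof owner) == (ssize_t)sizeof owner ? 0 : 1);
    }
    close(pfd[1]);
    if (read(pfd[0], &owner, sizeof owner) != (ssize_t)sizeof owner) owner = -1;
    close(pfd[0]);
    waitpid(pid, NULL, 0);
    return owner;
}

int main(void) {
    /* Constructed target: uid/gid 65534 when run as root, else our own ids. */
    uid_t u = geteuid() == 0 ? 65534 : getuid();
    gid_t g = geteuid() == 0 ? 65534 : getgid();
    printf("socket then drop: owner uid %ld\n", listener_owner(0, u, g));
    printf("drop then socket: owner uid %ld\n", listener_owner(1, u, g));
}
```

Run as root on Linux, the first line reports owner uid 0 even though the process has since dropped privilege, while the second reports 65534; run unprivileged, both report the caller's own uid.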