Date:      Fri, 3 Jul 1998 05:41:03 -0400
From:      "Allen Smith" <easmith@beatrice.rutgers.edu>
To:        rotel@indigo.ie, Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc:        dg@root.com, security@FreeBSD.ORG, njs3@doc.ic.ac.uk, dima@best.net, abc@ralph.ml.org, tqbf@secnet.com
Subject:   Re: bsd securelevel patch question
Message-ID:  <9807030541.ZM8314@beatrice.rutgers.edu>
In-Reply-To: Niall Smart <rotel@indigo.ie>   "Re: bsd securelevel patch question" (Jul  2,  6:23pm)
References:  <199807021723.SAA00883@indigo.ie>

On Jul 2,  6:23pm, Niall Smart (possibly) wrote:
> On Jul 2,  7:04pm, Poul-Henning Kamp wrote:
> } Subject: Re: bsd securelevel patch question
> > >
> > >That's not true, if he hacks the user/group that the web server runs
> > >at then he only owns the web server, the only additional privilege
> > >he gains is the ability to bind to port 80.
> > 
> > which is worse than the standard:  he cannot bind to any port < 1024.

There is also the question of whether one prefers:
	A. a server that sometimes runs as root and sometimes not,
	   which gives the possibility that someone may take root;
or	B. a server that always runs as a user with one privilege, and
	   is otherwise the same as an ordinary user.

Given the nasty possibilities inherent in a root takeover, I prefer
the latter if these are the only choices.

> Well, this depends on how the server runs: if it binds to the port
> and then setuid()'s to a lower privilege then this is true.  There
> are clients out there that are purely setuid just so they can bind
> to a port < 1024 however, so it has valid uses.

There is also the option of having the server be run as a setuid
binary by the less-privileged user, in which case (using the
setuid/group (or a similar setuid/privilege) scheme I outlined
earlier) it will, when resetting its effective uid to its real uid,
remove the privileges in question. Admittedly, causing servers not
running as root to do this may require some rewriting; many assume
that they can't (or at least shouldn't) reset their euid when the euid
isn't root, and that there's no need to reset their euid back to
anything but root.

	-Allen


-- 
Allen Smith				easmith@beatrice.rutgers.edu
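The bind-then-drop sequence discussed in this thread, written out as an added C example (it is not code from the thread or from FreeBSD): the server binds its listening socket while it still holds privilege, then discards that privilege in a way that cannot be undone, and finally checks that it really cannot get root back. The point Allen raises about servers that "reset their euid" is the subtle part: seteuid(getuid()) only changes the effective uid and leaves the saved set-user-id in place, so the privilege can be reacquired later; calling setreuid()/setregid() with both arguments set also replaces the saved ids on Linux and FreeBSD, which is what makes the drop permanent whether or not the process started as root. Assumptions in this example: the function names are illustrative, uid/gid 65534 is taken to be "nobody", the listener is bound on loopback, and when the program is not started as root it binds an ephemeral port and drops to the invoking user's own ids so the same code path can be exercised unprivileged.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Open and bind a listening TCP socket while the process still holds whatever
 * privilege it started with; this is the only step that needs it for a port
 * below 1024. Binds on loopback (an assumption for the demo). Returns the
 * listening fd, or -1 with errno set. */
int bind_listener(unsigned short port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);

    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Permanently give up privilege. setregid()/setreuid() with both arguments
 * set also replace the saved ids (Linux and FreeBSD), so there is nothing left
 * to switch back to; seteuid(getuid()) alone would leave the saved uid behind.
 * Supplementary groups are cleared first because that step itself needs
 * privilege. Returns 0 on success, -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setregid(gid, gid) != 0)
        return -1;
    if (setreuid(uid, uid) != 0)
        return -1;
    /* Confirm the real and effective ids are what we asked for. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

/* Returns 1 if the process can still become root (i.e. the drop was not
 * permanent), 0 if the attempt is refused as intended. */
int can_regain_root(void)
{
    return (setuid(0) == 0 && geteuid() == 0) ? 1 : 0;
}

/* Target ids for the demonstration: 65534 ("nobody" on most systems, an
 * assumption) when started as root, otherwise the invoking user's own ids. */
uid_t target_uid(void) { return geteuid() == 0 ? (uid_t)65534 : getuid(); }
gid_t target_gid(void) { return geteuid() == 0 ? (gid_t)65534 : getgid(); }

int main(void)
{
    /* Port 80 needs privilege; fall back to an ephemeral port when unprivileged. */
    int fd = bind_listener(geteuid() == 0 ? 80 : 0);
    if (fd < 0) {
        perror("bind_listener");
        return 1;
    }
    if (drop_privileges(target_uid(), target_gid()) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("listening on fd %d as uid=%u euid=%u; can regain root: %s\n",
           fd, (unsigned)getuid(), (unsigned)geteuid(),
           can_regain_root() ? "YES (drop is not permanent)" : "no");
    close(fd);
    return 0;
}
```

The order matters: the socket is obtained first, then groups, then gid, then uid, since once the uid is gone the earlier steps can no longer be performed; and the final can_regain_root() check is the kind of self-test worth keeping in a server that, as the thread discusses, may be started either as root or as an ordinary user with a single extra privilege.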
	



