Date: Wed, 25 Sep 2002 08:53:40 -0700 (PDT)
From: Mikko Työläjärvi <mikko@atlas.home>
To: Paul Schenkeveld <fb-hackers@psconsult.nl>
Cc: tho <thomas.fossati@tin.it>, freebsd-hackers@FreeBSD.ORG
Subject: Re: Just a wild idea
Message-ID: <20020925085046.R17757-100000@atlas.home>
In-Reply-To: <20020924174331.A37898@psconsult.nl>

On Tue, 24 Sep 2002, Paul Schenkeveld wrote:

> Hi Thomas,
>
> On Tue, Sep 24, 2002 at 01:31:59AM +0200, tho wrote:
> > hi Paul,
> >
> > have you considered using a "file descriptor passing" based technique
> > (section 14.7 of Stevens' UNPv1) ?
> >
> > you may have a process with suser privs which creates file descriptors
> > (e.g. socket bind()ed to a particular address and port) on demand and then
> > passes back the descriptor to the requesting (unprivileged) process through
> > a unix domain socket
>
> I know this technique but the real issue is about many pieces of
> standard software, like BIND named, sendmail, syslogd and so on.
> So this technique, although very usable for new projects, will
> not solve this problem.

As long as the programs are dynamically linked, you can LD_PRELOAD a
wrapper for bind() that passes the socket and address information to
the privileged process that does the actual bind() call and replies
with an errno value.

It works.  I've done it.

  $.02,
  /Mikko

 Mikko Työläjärvi_______________________________________mikko@rsasecurity.com
 RSA Security
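The exchange described in the reply above (the client hands its socket and the requested address to a privileged process, which calls bind() and answers with an errno value), as an added example that is not code from the message or its author. The names xfer, helper and bind_via_helper are hypothetical, a forked child stands in for the separate privileged daemon, the loopback-only policy is constructed for illustration, and the LD_PRELOAD interposition itself is not shown.

```c
#include <errno.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Send (sending=1) or receive one sockaddr_in plus one descriptor via SCM_RIGHTS. */
static int xfer(int chan, struct sockaddr_in *a, int *fd, int sending) {
    union { struct cmsghdr h; char b[CMSG_SPACE(sizeof(int))]; } u;
    struct iovec iov = { a, sizeof *a };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1,
                        .msg_control = u.b, .msg_controllen = sizeof u.b };
    memset(&u, 0, sizeof u);
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    if (sending) {
        c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), fd, sizeof(int));
        return sendmsg(chan, &m, 0) == (ssize_t)sizeof *a ? 0 : -1;
    }
    if (recvmsg(chan, &m, 0) != (ssize_t)sizeof *a) return -1;
    c = CMSG_FIRSTHDR(&m);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(fd, CMSG_DATA(c), sizeof(int));
    return 0;
}
/* Helper: the only part that would hold privilege. Policy check, bind(), reply errno. */
static void helper(int chan) {
    struct sockaddr_in a; int fd = -1, err = 0;
    if (xfer(chan, &a, &fd, 0) < 0) err = EINVAL;
    else if (a.sin_family != AF_INET || a.sin_addr.s_addr != htonl(INADDR_LOOPBACK))
        err = EACCES;                      /* constructed policy: loopback only */
    else if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0) err = errno;
    _exit(write(chan, &err, sizeof err) == (ssize_t)sizeof err ? 0 : 1);
}
/* Client side: what a preloaded bind() wrapper would do. Returns 0 or an errno value. */
int bind_via_helper(int fd, const struct sockaddr_in *addr) {
    int sp[2], err = EIO;
    struct sockaddr_in a = *addr;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) return errno;
    pid_t pid = fork();                    /* stand-in for a separate privileged daemon */
    if (pid < 0) return errno;
    if (pid == 0) { close(sp[0]); helper(sp[1]); }
    close(sp[1]);
    if (xfer(sp[0], &a, &fd, 1) < 0 || read(sp[0], &err, sizeof err) != (ssize_t)sizeof err)
        err = EIO;
    close(sp[0]); waitpid(pid, NULL, 0);
    return err;
}
```

Because the descriptor travels as SCM_RIGHTS ancillary data, the helper's bind() acts on the same open socket the client holds, so the client's copy is bound when the errno reply arrives. The helper decides which addresses it will bind, which is where the privilege boundary is enforced.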