Date:      Tue, 5 Sep 2000 09:41:54 -0600 
From:      Charles Randall <crandall@matchlogic.com>
To:        'Maxime Henrion' <mux@qualys.com>, freebsd-arch@freebsd.org
Subject:   RE: thought about allocation of the first 1024th ports
Message-ID:  <5FE9B713CCCDD311A03400508B8B30135878FE@bdr-xcln.is.matchlogic.com>

We run ipfw+natd for local port redirection on some of our web servers. That
allows us to avoid setuid root executables.

I've found it to be a very workable solution for programmers and system
admins.

Charles

-----Original Message-----
From: Maxime Henrion [mailto:mux@qualys.com]
Sent: Saturday, September 02, 2000 10:00 AM
To: freebsd-arch@freebsd.org
Subject: thought about allocation of the first 1024th ports


	Hi,



On most Unix systems and on FreeBSD, the first 1024 ports can't be
allocated by a non-root process. As far as I know, this is justified
because services running on these ports generally require root privileges
to accomplish their tasks because they are intended to be used by all the
users on the system and need access to their data.

However, some services don't need these privileges, like identd servers,
or even web servers. This implies security problems if these servers are
vulnerable to a bug or a buffer overflow. Advanced servers use setuid() and
setgid() system calls to drop their privileges after having bound the
socket. This improves security as if the server is vulnerable, it cannot
be used to gain root privileges but only a user's privileges.

What I wonder now is if an application-independent mechanism to permit some
ports below 1024 to be bound to sockets not owned by root processes would
be useful. You assign in a configuration file which UIDs are allowed to
allocate which port. Of course, root processes will also be allowed to
allocate these ports and users with other UIDs still can't; this ensures
backward compatibility.

With such a mechanism, you can run a server as a user and not as root even
if the application doesn't support the setuid/setgid system. The
requirement for this to work is that the application doesn't permit itself
to do any root-only operations other than binding the socket to a
privileged port; it should be this way in most applications.

I invite you to send me your thoughts/advice/rotten tomatoes by e-mail ;-)
I hope I didn't miss something obvious and that something allowing to do
what I describe doesn't already exist.

Regards,
Maxime Henrion


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
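
The per-UID port allowance proposed in the original message, sketched as a userland decision function. This is an added example, not code from the thread or from FreeBSD; the rule syntax and the name `bind_allowed` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

#define RESERVED_LIMIT 1024 /* ports below this are root-only by default */

/* Constructed rule syntax (an assumption of this example): comma-separated
 * "uid:port" pairs, e.g. "80:80,80:443,113:113".
 * Returns 1 = allow, 0 = deny, -1 = malformed rules (treat as deny). */
int bind_allowed(const char *rules, long uid, long port)
{
    int match = 0;
    const char *p = rules;
    char *end;

    if (uid < 0 || port < 1 || port > 65535)
        return 0;
    /* Backward compatibility: root and unreserved ports behave as before. */
    if (uid == 0 || port >= RESERVED_LIMIT)
        return 1;
    while (*p != '\0') {
        if (*p < '0' || *p > '9')       /* no sign, blank or empty field */
            return -1;
        long r_uid = strtol(p, &end, 10);
        if (*end != ':' || end[1] < '0' || end[1] > '9')
            return -1;
        long r_port = strtol(end + 1, &end, 10);
        /* A rule may only open a reserved port; anything else is a typo. */
        if (r_port < 1 || r_port >= RESERVED_LIMIT)
            return -1;
        if (*end == ',' && end[1] != '\0')
            p = end + 1;
        else if (*end == '\0')
            p = end;
        else
            return -1;                  /* trailing comma or stray bytes */
        if (r_uid == uid && r_port == port)
            match = 1;                  /* keep parsing: validate every rule */
    }
    return match;
}

int main(void)
{
    const char *rules = "80:80,80:443,113:113"; /* constructed sample */
    printf("uid 80 -> 80: %d\n", bind_allowed(rules, 80, 80));
    printf("uid 1001 -> 80: %d\n", bind_allowed(rules, 1001, 80));
    printf("uid 80 -> 113: %d\n", bind_allowed(rules, 80, 113));
    return 0;
}
```

A malformed rule string denies every non-root bind to a reserved port rather than silently ignoring the bad entry, so a typo cannot widen access.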





