Date: Wed, 2 Jan 2002 18:13:52 -0600
From: "Dustin Puryear" <dpuryear@usa.net>
To: <freebsd-questions@freebsd.org>
Subject: RE: Getting Apache to run as user www only
Message-ID: <PGECILGGNJGDPJKLFEMIIEGPCMAA.dpuryear@usa.net>
In-Reply-To: <PGECILGGNJGDPJKLFEMIKEGNCMAA.dpuryear@usa.net>
What I think is happening here is that some people are confusing the idea of
allowing a specified user to bind to a port with giving a program image that
same privilege. At least, that's what I think is being assumed here.

Certainly, if a process that is running as a user with bind-to-port-x
privilege is compromised, that port is compromised, but that is certainly
better than compromising, say, the parent httpd process that is running as
root. This way, even if an attacker compromises the process before it drops
its privileges it will still limit the worst case scenario.

Even in this case there are ways to mitigate resulting damage in many cases,
often by using the current solutions where you switch the user you are running
as after you have bound to the port. This way the root user is never required
and only a subset of your privileged ports are fair game.

Of course, I doubt this is a novel idea, even in the UNIX world where the
single superuser mentality is still strong.

Regards, Dustin

> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Dustin Puryear
> Sent: Wednesday, January 02, 2002 5:55 PM
> To: Matthew Graybosch; freebsd-questions@freebsd.org
> Subject: RE: Getting Apache to run as user www only
>
> > > > I think that takes a small prize for being the best suggestion for
> > > > introducing a security hole the size of the grand canyon into the O/S.
> > > > Just think about it, before you ask why... :)
> > >
> > > Thought about it. Now, why?
> >
> > I wonder what sort of havoc I could wreak if I were to crack an httpd
> > bound directly to the kernel?
>
> What does that have to do with my suggestion which was to allow a specified
> user to bind to a given port. I am not sure where that leads to httpd being
> "bound directly to the kernel." Maybe I am missing something? Please
> enlighten me. :)
>
> Regards, Dustin
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
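The bind-then-switch-user approach mentioned in the message above, as an added example that is not part of the original e-mail or of Apache's code: the socket is bound while privileged, then the process permanently gives up root and checks that it cannot get it back. The function names, the loopback address and the uid/gid 80 for www are assumptions of this sketch.

```c
#define _DEFAULT_SOURCE             /* for setgroups() on glibc */
#include <grp.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Bind and listen on 127.0.0.1:port while still privileged; fd or -1. */
int open_listener(unsigned short port)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permanently switch to uid/gid: supplementary groups, then gid, then uid. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                  /* refuse to "drop" to root */
    if (geteuid() != 0)             /* not root: nothing to give up */
        return (getuid() == uid && getgid() == gid) ? 0 : -1;
    if (setgroups(1, &gid) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
        return -1;
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;                  /* root came back: the drop failed */
    return (getuid() == uid && geteuid() == uid && getgid() == gid) ? 0 : -1;
}

int main(void)
{
    int fd = open_listener(80);     /* privileged port: needs root */
    if (fd < 0 || drop_privileges(80, 80) < 0)  /* 80/80: assumed www ids */
        return 1;
    /* An accept() loop would run here, as www, on the already-bound fd. */
    close(fd);
    return 0;
}
```

The order in drop_privileges matters: once setuid() has succeeded the process can no longer change its groups, so the group calls come first.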