
Re: [linux-security] Configuration for binding to "secure" ports?



On Thu, 28 May 1998, Lamar Owen wrote:

> [mod: As you can read here, I wrote a short (currently 100 lines)
> program that binds to a port and then execs a prespecified daemon
> under a specified uid. Now my head is clear, almost the same can be
> achieved with inetd. Moreover, as the application has to be modified
> to accept the socket using some mechanism, you could just as well
> modify it to drop root privs after opening the socket. Oh well. --REW]

You can modify the application auto-magically by LD_PRELOAD'ing a library
that overrides libc bind() with something dup2()'ing the pre-bound socket. :)

Well, you could also modify bind() to pass the socket (using BSD-like
unix-domain socket magic) to a privileged "binder daemon" and let it
decide whether you are allowed to bind it to the given port--and do it
itself if you are.

> After sending a draft of this message to the linux-security list, I
> received a highly informative "message rejected" e-mail from Rogier
> Wolff pointing out that the newest kernels in the 2.1 series have
> 'capabilities' -- one of which allows binding to secure ports by
> certain processes.  I look forward to 2.2, which should incorporate
> such features. I would upgrade to a 2.1.x kernel, but stability
> reasons prohibit me at this time.  So, I am currently stuck at 2.0.x,
> which has no such 'capabilities' (bad pun).

A patch for 2.0.x has been published in one of the recent issues
of Phrack that allows processes running under special gids to perform
privileged socket operations.

<quote>

GID 16 : a program running with group 16 privileges can bind to a
         port < 1024.  This allows programs like: rlogin, rcp, rsh, and ssh
         to run setgid 16 instead of setuid 0 (root).  This also allows
         servers that need to run as root to bind to a privileged port,
         like named, to also run setgid 16.

</quote>

I am running named this way.


--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
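The LD_PRELOAD trick mentioned in the reply above, as an added example that is not part of the original message: a shim that intercepts bind() and substitutes a socket the privileged launcher bound before dropping root. The PREBOUND_FD and PREBOUND_PORT environment variables and the launcher protocol are assumptions of this example, not anything from the thread.

```c
/* bindshim.c (example): LD_PRELOAD shim letting an unmodified daemon use a
 * socket a privileged launcher already bound. Assumed protocol: the launcher
 * binds the port, drops root, exports PREBOUND_FD/PREBOUND_PORT, execs daemon.
 * Build: cc -shared -fPIC -o bindshim.so bindshim.c -ldl
 * Run:   PREBOUND_FD=3 PREBOUND_PORT=53 LD_PRELOAD=./bindshim.so ./daemon */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <dlfcn.h>
#include <limits.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef RTLD_NEXT
#define RTLD_NEXT ((void *)-1L) /* glibc's value, if _GNU_SOURCE came too late */
#endif

/* Port the caller asked for, in host order; 0 for non-IP address families. */
int requested_port(const struct sockaddr *addr, socklen_t len) {
    if (addr->sa_family == AF_INET && len >= sizeof(struct sockaddr_in))
        return ntohs(((const struct sockaddr_in *)addr)->sin_port);
    if (addr->sa_family == AF_INET6 && len >= sizeof(struct sockaddr_in6))
        return ntohs(((const struct sockaddr_in6 *)addr)->sin6_port);
    return 0;
}

/* Pre-bound descriptor if PREBOUND_PORT equals the requested port and
 * PREBOUND_FD is a well-formed descriptor number, else -1. Any other port
 * falls through to the real bind(), so the daemon cannot be steered into
 * reusing the privileged socket for an unrelated port. */
int prebound_fd_for_port(const char *fd_env, const char *port_env, int port) {
    char *end;
    if (!fd_env || !*fd_env || !port_env || !*port_env || port <= 0) return -1;
    long fd = strtol(fd_env, &end, 10);
    if (*end || fd < 0 || fd > INT_MAX) return -1;
    long want = strtol(port_env, &end, 10);
    if (*end || want != port) return -1;
    return (int)fd;
}

int bind(int sockfd, const struct sockaddr *addr, socklen_t addrlen) {
    static int (*real_bind)(int, const struct sockaddr *, socklen_t);
    if (!real_bind)
        real_bind = (int (*)(int, const struct sockaddr *, socklen_t))
                    dlsym(RTLD_NEXT, "bind");
    int fd = prebound_fd_for_port(getenv("PREBOUND_FD"), getenv("PREBOUND_PORT"),
                                  requested_port(addr, addrlen));
    if (fd < 0) return real_bind(sockfd, addr, addrlen);
    /* Swap the daemon's fresh socket for the one bound while still root. */
    return dup2(fd, sockfd) < 0 ? -1 : 0;
}
```

The daemon's own socket(), bind(), listen() sequence is untouched; only the bind() on the announced port is satisfied from the inherited descriptor.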