Question on dropping privileges

From: Aurobindo Sundaram (+1 512 331 3743) (sundaramat_private)
Date: Wed May 02 2001 - 07:45:23 PDT

  • Next message: Victor A. Rodriguez: "Re: How many people write secure programs?"

    Hi,
    
    I'm just wondering where in the network port opening sequence it is
    appropriate to drop privileges. Consider the following snippet of code and
    assume we're opening a port < 1024. Obviously, we need root privileges to
    bind ... when is the earliest we can drop them? See below for the choices.
    
    Thks,
    Robin
    
    
    socket(Server, PF_INET, SOCK_STREAM, $proto)        || die "socket: $!";
    bind(Server, sockaddr_in($port, INADDR_ANY))        || die "bind: $!";
    ### Drop position 1
    
    listen(Server,SOMAXCONN)                            || die "listen: $!";
    ### Drop position 2
    
    for ( ; $paddr = accept(Client,Server); close Client) {
    ### Drop position 3
             my($port,$iaddr) = sockaddr_in($paddr);
             my $name = gethostbyaddr($iaddr,AF_INET);
             print Client "Hello there, $name, it's now ",
                             scalar localtime, $EOL;
    }
    



    This archive was generated by hypermail 2b30 : Wed May 02 2001 - 11:53:09 PDT