Re: Question on dropping privileges

From: Luciano Miguel Ferreira Rocha (strangeat_private)
Date: Wed May 02 2001 - 12:04:39 PDT

  • Next message: Arvind Shyamsundar: "Re: guidelines for secure ASP pages"

    On Wed, May 02, 2001 at 09:45:23AM -0500, Aurobindo Sundaram (+1 512 331 3743) wrote:
    > Hi,
    >
    > I'm just wondering where in the network port opening sequence it is
    > appropriate to drop privileges. Consider the following snippet of code and
    > assume we're opening a port < 1024. Obviously, we need root privileges to
    > bind ... when is the earliest we can drop them? See below for the choices.
    
    Why didn't you try it yourself?
    
    Anyway, it's the bind syscall that requires super user privileges (or the
    capability) in order to bind to a port lower then 1024.
    
    Also, there is no security gainned in dropping the privileges before or after
    calling listen.
    
    However, do take notice that the position 3 is in a loop, so the program would
    try to drop privileges in each iteraction after accepting the connection.
    
    hugs
    	Luciano Rocha
    



    This archive was generated by hypermail 2b30 : Wed May 02 2001 - 12:04:25 PDT