Re: Question on dropping privileges

From: Casper Dik (Casper.Dikat_private)
Date: Wed May 02 2001 - 13:00:58 PDT

  • Next message: Crispin Cowan: "Re: How many people write secure programs?"

    >I'm just wondering where in the network port opening sequence it is
    >appropriate to drop privileges. Consider the following snippet of code and
    >assume we're opening a port < 1024. Obviously, we need root privileges to
    >bind ... when is the earliest we can drop them? See below for the choices.
    >
    >Thks,
    >Robin
    >
    >
    >socket(Server, PF_INET, SOCK_STREAM, $proto)        || die "socket: $!";
    >bind(Server, sockaddr_in($port, INADDR_ANY))        || die "bind: $!";
    >### Drop position 1
    
    
    This is the rigth place, though TLI based implementation (e.g., Solaris
    until release 2.6) allow you to drop at "location 0" (after socket)
    
    Currently, Solaris requires you to be privileged at both socket() and
    bind().
    
    Casper
    



    This archive was generated by hypermail 2b30 : Wed May 02 2001 - 13:24:03 PDT