Re: Question on dropping privileges

From: Adam William Lydick (awlydickat_private)
Date: Wed May 02 2001 - 19:20:09 PDT


    After the bind() call, I would believe. Setting the local port
    (binding) is the restricted operation, not accepting connections
    on an already bound socket, etc. [unless I am terribly mistaken ;-)]
    
    If all else fails, you can, of course, try each possibility and see which
    ones bonk. (change "|| die" to "|| die 'at bind()'", etc)
    
    	-Adam Lydick
    ----------------------------------
    Shmee... I think there's something
    wrong with this world.
    	--SQUEE!, Jhoen Vasquez
    
    On Wed, 2 May 2001, Aurobindo Sundaram (+1 512 331 3743) wrote:
    
    > Hi,
    >
    > I'm just wondering where in the network port opening sequence it is
    > appropriate to drop privileges. Consider the following snippet of code and
    > assume we're opening a port < 1024. Obviously, we need root privileges to
    > bind ... when is the earliest we can drop them? See below for the choices.
    >
    > Thks,
    > Robin
    >
    >
    > socket(Server, PF_INET, SOCK_STREAM, $proto)        || die "socket: $!";
    > bind(Server, sockaddr_in($port, INADDR_ANY))        || die "bind: $!";
    > ### Drop position 1
    >
    > listen(Server,SOMAXCONN)                            || die "listen: $!";
    > ### Drop position 2
    >
    > for ( ; $paddr = accept(Client,Server); close Client) {
    > ### Drop position 3
    >          my($port,$iaddr) = sockaddr_in($paddr);
    >          my $name = gethostbyaddr($iaddr,AF_INET);
    >          print Client "Hello there, $name, it's now ",
    >                          scalar localtime, $EOL;
    > }
    >
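
The drop at "position 1" discussed in this thread, written out as an added example that is not code from either post. It binds as root, drops group and user IDs in that order, and confirms root cannot be regained before calling listen(). The port number 1023, the account name `nobody` and the helper `drop_privileges` are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Must be started as root.
use strict;
use warnings;
use Socket;
use POSIX ();

my $port   = 1023;       # assumed: any port below 1024
my $run_as = 'nobody';   # assumed: unprivileged account to run as
my $EOL    = "\015\012";

# Look up the target account while still root, before anything is dropped.
my ($uid, $gid) = (getpwnam($run_as))[2, 3];
die "unknown user $run_as" unless defined $uid && defined $gid;
die "refusing to run as uid 0" if $uid == 0;

socket(Server, PF_INET, SOCK_STREAM, getprotobyname('tcp')) || die "socket: $!";
bind(Server, sockaddr_in($port, INADDR_ANY))                || die "bind: $!";

# "Drop position 1": the privileged port is bound, root is no longer needed.
drop_privileges($uid, $gid);

listen(Server, SOMAXCONN)                                   || die "listen: $!";

for (my $paddr; $paddr = accept(Client, Server); close Client) {
    my ($cport, $iaddr) = sockaddr_in($paddr);
    my $name = gethostbyaddr($iaddr, AF_INET) || inet_ntoa($iaddr);
    print Client "Hello there, $name, it's now ", scalar localtime, $EOL;
}

# Hypothetical helper: permanently switch to the given uid/gid or die.
sub drop_privileges {
    my ($uid, $gid) = @_;
    # Groups first: once the uid is changed we may not alter groups any more.
    $) = "$gid $gid";                          # egid plus setgroups() list
    die "supplementary groups not cleared" if grep { $_ != $gid } split ' ', $);
    POSIX::setgid($gid) or die "setgid: $!";   # real, effective, saved gid
    POSIX::setuid($uid) or die "setuid: $!";   # real, effective, saved uid
    # Verify with fresh system calls rather than trusting return values.
    die "uid not dropped"
        unless POSIX::getuid() == $uid && POSIX::geteuid() == $uid;
    die "gid not dropped"
        unless POSIX::getgid() == $gid && POSIX::getegid() == $gid;
    # A complete drop is irreversible: an attempt to regain root must fail.
    die "root can be regained" if POSIX::setuid(0);
}
```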
    


