Re: Effective, Real and Group id switching for daemons

From: listsat_private
Date: Sat Jan 25 2003 - 04:16:06 PST

  • Next message: Ben Pfaff: "Re: Standards for developing secure software"

    From: "John Hanna" <jhannaat_private>
    
    > One of the important features is to be able to run as non-root after we
    > start listening on port 25.
    
    I can think of 2 other options:
        use a high port as non-root with port-forwarding to get SMTP traffic
        bind as non-root to port 25 (simple in open-source *nix)
    
    > First is it important to switch the real uid as well? It might be nice to
    > ... but not real-uid I suppose the clever hacker would switch the
    
    Exactly - you need to do that.
    
    > Secondly do I need to give the option to switch effective and real group id
    > as well? I suppose root group might be able to do something a hacker
    > shouldn't, even after they've lost root euid, right?
    
    A few moments with "man perlvar" should lead you to something like this
    which you can test by running it as root.
    
    #!/usr/bin/perl -w
    
    system("id");
    $)="500 500";   # set group IDs, appears twice to call setgroups()
    $(=500;
    system("id");
    $>=500;         # set user IDs
    $<=500;
    system("id");
    



    This archive was generated by hypermail 2b30 : Sat Jan 25 2003 - 09:12:27 PST