Re: Ports 0-1023?

From: Bruno Morisson (morissonat_private)
Date: Thu Jul 04 2002 - 10:54:05 PDT


    It's not an issue if you can setuid() to an unprivileged uid. Usually
    you have to start as root and change to some other user; why not do the
    same, but starting as some "privileged" user?
    For example, uid 80 can bind to TCP port 80. You start the httpd as that
    user, and drop privileges by setting your uid to nobody (or apache, or
    whatever). If the user exploits the daemon, it will be uid nobody (or
    whatever), and in the worst case scenario, he will have uid 80, and
    never uid 0.
    
    I'm implementing a Linux kernel module with this functionality (and a few
    more), which will be released as soon as it is "beta" quality :)
    
    
    regards,
    Bruno Morisson <morissonat_private>
    
    
    On Thu, 2002-07-04 at 08:32, Mark Ruth wrote:
    > Hi,
    > 
    > Did you ever think about the consequences if someone is able to set up a
    > fake sshd or telnet daemon? Do I hear "sniffing" from uid(nobody) gained
    > through new apache vuln?! (just for example, of course).
    > 
    > Attackers would find a way to kill a process local/remote and set up their
    > own progs. No need to change the tradition.
    > 
    > >
    > > Is there any point in needing to be root in order to allocate the low
    > > ports on unix-like systems, anymore?  Could we get away from having to
    > > have some daemons even have a root stub in order to listen on a low
    > > port?  What would break, and what new holes would be created?  Could
    > > some sort of port ACL simply be used that says a particular UID can
    > > allocate a particular range of ports?
    > > 
    > > Discuss.
    > > 
    > > 							BB
    > 
    > -- 
    > Mark Ruth
    > Unix Systems Administrator
    > New York, ksh-2at_private
    > 
    > 
    > 
    



    This archive was generated by hypermail 2b30 : Thu Jul 04 2002 - 11:44:56 PDT