Re: Ports 0-1023?

From: Blue Boar (BlueBoarat_private)
Date: Thu Jul 04 2002 - 13:15:49 PDT

Next message: gminick: "Re: Ports 0-1023?"

Previous message: Michal Zalewski: "Re: Ports 0-1023?"
Maybe in reply to: alex: "Ports 0-1023?"
Next in thread: Brian Hatch: "Re: Ports 0-1023?"
Next in thread: gminick: "Re: Ports 0-1023?"
Reply: Brian Hatch: "Re: Ports 0-1023?"
Reply: Robert Bihlmeyer: "Re: Ports 0-1023?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

OK, to summarize the responses:

-Some portion of the daemons presently need root solely so they can get a
low port, and that could be changed if the mechanism to get a low port
didn't require root.

-Some daemons still need root regardless of the port number, because of a
need to change privs/uid.

-Allowing arbitrary uids to start processes on arbitrary ports could be bad
because nonpriv uids might be able to crash the service, and take over the
port, and the service may be one that users authenticate to.

-Some of this functionality could be simulated via port redirection, and
running the real service on a high port.  (Which would suffer from the port
hijacking problem.)

-ACLs could be used to limit which uids can bind which ports.

-R services might break, which could be a bonus.

Which all pretty much confirms my assumptions, thank you.

So, what I had in mind was something to this effect:

File /etc/ports contans:

root:*
telnetd:23
ftpd:20,21,1024-65535
...
*:1024-65535

In this file, telnetd is a uid NOT a process name.  The file is simply a
list of what uids can bind to what ports. We would have to make it so that
the list is static in memory, so that the kernel doesn't have to consult a
file every time it binds a port, but updatable at will by root or similar
administrative account.  The telnetd program would run as uid telnetd. 
Some unix systems have this capability already from what I understand... 
I'd be interested in having people mail me privately which ones do, and how 
close they are to this scheme, and I'll summarize for the list.

I have one more specific question regarding daemons that take
authentication, and switch to another uid.  For something like a telnetd,
or sshd that uses PAM.... in order to drop to a shell as the uid of the
authenticated user, do they really need root?  If you have the
authentication information for the user, then you could call the system
call equivalent of su, right?  So the daemon is actually going after a
privilege gain rather than a drop, because it starts as some account that
can really only bind a special port.

I understand that there would still be some cases, such as a MTA, that want
to be another uid, but never get the authentication information, so they
would likely need to retain root.

What would be wrong with doing things this way (other than having to code it)?

						BB

Next message: gminick: "Re: Ports 0-1023?"
Previous message: Michal Zalewski: "Re: Ports 0-1023?"
Maybe in reply to: alex: "Ports 0-1023?"
Next in thread: Brian Hatch: "Re: Ports 0-1023?"
Next in thread: gminick: "Re: Ports 0-1023?"
Reply: Brian Hatch: "Re: Ports 0-1023?"
Reply: Robert Bihlmeyer: "Re: Ports 0-1023?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 04 2002 - 14:15:08 PDT