Security Basics mailing list archives
RE: Reserved Ports and non-superuser Daemons
From: "Emilio Morla" <emilio.morla () grupositel com mx>
Date: Thu, 6 Dec 2007 11:43:52 -0600
The explanation is quite simple. The socket is bound by root at the start of the daemon, which then switches to a non-privileged user. That's the case with Apache: it starts as root and then switches to the http or apache UID and GID.

Warm regards
Ing. Emilio Morla
Phone: +52 (55) 51333385
E-mail: emilio.morla () grupositel com mx
Grupo Sitel de México
Networks and Security

In the vastness of time and the breadth of the cosmos, my joy was to have shared an epoch and a planet with you.
Carl Sagan

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On behalf of Arrav
Sent: Thursday, December 06, 2007 11:26 a.m.
To: security-basics () securityfocus com
Subject: Reserved Ports and non-superuser Daemons

Hello,

The book UNIX Socket Programming 3d edition volume one specifies that in UNIX, ports between 0 - 1023 are reserved ports, and can only be used by a program running with super user privs. I know lots of servers are binding to ports beneath 1024, and they obviously don't have root privileges since this would be stupid security-wise. I also don't believe they have the suid bit on, because of the same issue. I wonder if someone could explain that to me.

Thanks,
Guy.