Vulnerability Development mailing list archives
Re: Ports 0-1023?
From: Bruno Morisson <morisson () genhex org>
Date: 04 Jul 2002 18:54:05 +0100
It's not an issue if you can setuid() to an unprivileged uid. Usually you have to start as root, and change to some other user, why not do the same, but starting as some "privileged" user ? Example, uid 80 can bind to tcp port 80. You start the httpd as that user, and drop privileges by setting your uid to nobody (or apache, or whatever). If the user exploits the daemon, it will be uid nobody (or whatever), and in the worst case scenario, he will have uid 80, and never uid 0. I'm implementing a linux kernel module with this funcionality (and a few more), which will be released as soon as it is "beta" quality :) regards, Bruno Morisson <morisson () genhex org> On Thu, 2002-07-04 at 08:32, Mark Ruth wrote:
Hi, did you ever think about the consequences if someone is able to setup a fake sshd or telnet daemon? Do i hear "sniffing" from uid(nobody) gained trough new apache vuln?! (just for example, of course). Attackers would find a way to kill a process local/remote and setup their own progs. No need to change the tradition.Is there any point in needing to be root in order to allocate the low ports on unix-like systems, anymore? Could we get away from having to have some daemons even have a root stub in order to listen on a low port? What would break, and what new holes would be created? Could some sort of port ACL simply be used that says a particular UID can allocate a particular range of ports? Discuss. BB-- Mark Ruth Unix Systems Administrator New York, ksh-2 () markruth 2y net GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net
Current thread:
- RE: Ports 0-1023?, (continued)
- RE: Ports 0-1023? Michal Zalewski (Jul 04)
- Re: Ports 0-1023? Dan Kaminsky (Jul 04)
- Re: Ports 0-1023? Michal Zalewski (Jul 04)
- Re: Ports 0-1023? Sebastian Krahmer (Jul 05)
- Re: Ports 0-1023? robbe (Jul 04)
- Re: Ports 0-1023? Dave Aitel (Jul 04)
- Re: Ports 0-1023? Michal Zalewski (Jul 04)
- Re: Ports 0-1023? hicks (Jul 04)
- Re: Ports 0-1023? Juan M. Courcoul (Jul 04)
- Re: Ports 0-1023? Mark Ruth (Jul 04)
- Re: Ports 0-1023? Bruno Morisson (Jul 04)
- Re: Ports 0-1023? gminick (Jul 04)
- Re: Ports 0-1023? Bruno Morisson (Jul 04)
- Re: Ports 0-1023? gminick (Jul 05)
- Re: Ports 0-1023? George W. Capehart (Jul 05)
- Re: Ports 0-1023? Bruno Morisson (Jul 04)
- Re: Ports 0-1023? Michal Zalewski (Jul 04)
- Re: Ports 0-1023? Brian Hatch (Jul 04)
- Re: Ports 0-1023? Blue Boar (Jul 04)
- Re: Ports 0-1023? Brian Hatch (Jul 05)