Re: Ports 0-1023?

[Bruno Morisson <morisson () genhex org>]

It's not an issue if you can setuid() to an unprivileged uid. Usually
you have to start as root, and change to some other user, why not do the
same, but starting as some "privileged" user ?
Example, uid 80 can bind to tcp port 80. You start the httpd as that
user, and drop privileges by setting your uid to nobody (or apache, or
whatever). If the user exploits the daemon, it will be uid nobody (or
whatever), and in the worst case scenario, he will have uid 80, and
never uid 0.

I'm implementing a linux kernel module with this funcionality (and a few
more), which will be released as soon as it is "beta" quality :)


regards,
Bruno Morisson <morisson () genhex org>


On Thu, 2002-07-04 at 08:32, Mark Ruth wrote:
> Hi,
>
> did you ever think about the consequences if someone is able to setup a fake
> sshd or
> telnet daemon? Do i hear "sniffing" from uid(nobody) gained trough new
> apache vuln?!
> (just for example, of course). 
>
> Attackers would find a way to kill a process local/remote and setup their
> own
> progs. No need to change the tradition.
>
> > Is there any point in needing to be root in order to allocate the low
> > ports
> > on unix-like systems, anymore?  Could we get away from having to have some
> > daemons even have a root stub in order to listen on a low port?  What
> > would
> > break, and what new holes would be created?  Could some sort of port ACL
> > simply be used that says a particular UID can allocate a particular range
> > of ports?
> >
> > Discuss.
> >
> >                                                     BB
>
> -- 
> Mark Ruth
> Unix Systems Administrator
> New York, ksh-2 () markruth 2y net
>
> GMX - Die Kommunikationsplattform im Internet.
> http://www.gmx.net