Vulnerability Development mailing list archives

Re: Ports 0-1023?


From: gminick <gminick () hacker pl>
Date: Fri, 5 Jul 2002 08:25:03 +0200

On Fri, Jul 05, 2002 at 12:55:20AM +0000, Bruno Morisson wrote:
>>> Example, uid 80 can bind to tcp port 80.
>> It leads us to build more static and more complicated systems.
>> We're just trying to provide new situations where bugs can exist
>> and what we're trying to achieve isn't worthy...
> Why do you say it would be more static ?

Because you need to add dozens of users (httpd, telnetd) to your 
passwd file if you want to build a system where separated users
are running processes and if you want that: "Example, uid 80 can bind to 
tcp port 80" to work you need to add some strange directives to your
kernel. 

> example uid 80 would be just like root... but unable to do all the other 
> things root can :-) Don't think of it as giving privileges, but as taking 
> them. 

Ok, I understand that, but I can't find out what's wrong with running
(for example) apache from root (it's usually done by /etc/rc.d/ scripts)
and dropping privileges right after bind()ing.

>> Are you sure? I think that our new user changes nothing and there's
>> still a possibility of privileges expansion from user nobody to
>> a root (if you've exploited apache with a remote exploit, and you
> Yes, it helps nothing in that case.
> The difference between starting a process (apache for example) as root 
> then dropping privileges, from starting as a user who can only bind to port 
> 80 (it has no other privileges) and then dropping that privilege is the 
> question "do you trust the daemon *really* dropped privileges?",

I have to. When I don't believe in it I'm always able to check it.
We still need to remember that there's a lot of daemons working as
root as long as they're running. When my daemon is dropping privileges
I'm just more sure about my host's security. If we're providing
"uid 80 can bind to tcp port 80" we need to remember, that there's
not only Apache in the wild and some servers could need a root all the time.

> I just don't see any need to run so many things as "root" just because they 
> need to bind to privileged ports.

Well, if somebody really needs this let's build it as a module or a
kernel patch ;)

-- 
[ Wojtek gminick Walczak ][ http://hacker.pl/gminick/ ]
[ gminick (at) hacker.pl ][ gminick (at) klub.chip.pl ]
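
The thread turns on whether a daemon started as root "really" dropped privileges after bind(), and on being able to check it. The following is an added example, not code from the original post or from either poster: one way to make that check on a Linux host by auditing /proc/<pid>/status, whose Uid:/Gid: lines list the real, effective, saved and filesystem IDs (see proc(5)). The function names and the two sample dumps are constructed for illustration; uid 80 and the name httpd are taken from the thread's own example.

```python
# Added example: audit whether a daemon really dropped root after bind().
# Assumes Linux: "Uid:" and "Gid:" in /proc/<pid>/status hold the real,
# effective, saved-set and filesystem IDs; "Groups:" the supplementary groups.

def parse_status(text):
    """Return {field: [values]} for the lines of a /proc/<pid>/status dump."""
    fields = {}
    for line in text.splitlines():
        key, sep, rest = line.partition(":")
        if sep:
            fields[key.strip()] = rest.split()
    return fields

def audit_drop(text):
    """Return a list of findings; an empty list means no root identity is left."""
    fields = parse_status(text)
    findings = []
    names = ("real", "effective", "saved", "filesystem")
    for key in ("Uid", "Gid"):
        ids = fields.get(key, [])
        if len(ids) != 4:
            findings.append(f"{key}: line missing or malformed")
            continue
        for name, value in zip(names, ids):
            if value == "0":
                findings.append(f"{key}: {name} id is still 0")
    if "0" in fields.get("Groups", []):
        findings.append("Groups: supplementary group 0 still present")
    return findings

def read_status(pid):
    """Read the live status file for a pid (hypothetical helper for real use)."""
    with open(f"/proc/{pid}/status") as fh:
        return fh.read()

# Constructed samples, not captured from a real host.
# Full drop: setgroups(), setgid(), setuid() were all called.
DROPPED = "Name:\thttpd\nUid:\t80\t80\t80\t80\nGid:\t80\t80\t80\t80\nGroups:\t80\n"
# seteuid()-only drop: real and saved uid stay 0, so the process can become
# root again; root's supplementary groups were never cleared either.
HALF_DROPPED = "Name:\thttpd\nUid:\t0\t80\t0\t80\nGid:\t80\t80\t80\t80\nGroups:\t0 80\n"

if __name__ == "__main__":
    for label, sample in (("dropped", DROPPED), ("half-dropped", HALF_DROPPED)):
        print(label, audit_drop(sample) or "clean")
```

For a running daemon, pass read_status(pid) to audit_drop(); the half-dropped sample shows why looking at the effective uid alone (as a plain ps listing does) is not enough.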