Vulnerability Development mailing list archives
RE: Ports 0-1023?
From: "Dawes, Rogan (ZA - Johannesburg)" <rdawes () deloitte co za>
Date: Mon, 8 Jul 2002 09:01:06 +0200
I have one more specific question regarding daemons that take authentication, and switch to another uid. For something like a telnetd, or sshd that uses PAM.... in order to drop to a shell as the uid of the authenticated user, do they really need root? If you have the authentication information for the user, then you could call the system call equivalent of su, right? So the daemon is actually going after a privilege gain rather than a drop, because it starts as some account that can really only bind a special port.
Apart from the fact that "su" is setuid root in order to achieve this?

AFAIK, the ONLY way to become a different user under Unix is if root says you can. Either via a suid root binary ("su"), or a service/daemon running as root, e.g. telnet, sshd, rshd, etc.

I suspect this is essentially the same under NT/2000 as well.

It may be possible to code a limited "getprivs" program analogous to su, that would return the "privileges" of the user credentials supplied. Something like sshd's privsep code, where a limited root process simply validates authentication credentials, and returns a "user owned" token that allows them to do what they need to. e.g. a user owned fd, or pty, or whatever.

Well, it looks like I was talking rubbish. Even under sshd's privsep, the privileged ssh daemon still forks a user owned process. I don't see a clean interface to this that could be used by arbitrary processes.

See http://www.citi.umich.edu/u/provos/ssh/privsep.html

It sounds to me like we want something like "sudo" for applications . . .

Rogan
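The rule discussed in the message above, that a process can only become a different user when it already holds root, shown as an added example; it is not part of the original post and not sshd's code. The names `become_user` and `try_become` are hypothetical, and the switch runs in a forked child in the way a login daemon forks a user-owned process.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* for setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Switch the calling process to uid/gid for good. Returns 0, or -1 with errno set. */
static int become_user(uid_t uid, gid_t gid)
{
    /* Only a privileged process may replace its supplementary groups. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    /* Group first: once the uid is gone, setgid() would no longer be allowed. */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Confirm the switch is irreversible before running anything for the user. */
    if (uid != 0 && setuid(0) == 0) {
        errno = EACCES;
        return -1;
    }
    return 0;
}

/* Attempt the switch in a forked child so the caller keeps its own identity.
 * Returns 0 if the child became uid/gid, otherwise the child's errno (-1 on fork/wait error). */
int try_become(uid_t uid, gid_t gid)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(become_user(uid, gid) == 0 ? 0 : errno);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    uid_t me = getuid();
    printf("switch to own uid %d: %d\n", (int)me, try_become(me, getgid()));
    printf("switch to uid %d: %d (non-zero unless started as root)\n",
           (int)(me + 1), try_become(me + 1, getgid()));
    return 0;
}
```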