[1800] in linux-security and linux-alert archive
[linux-security] Re: Configuration for binding to "secure" ports?
daemon@ATHENA.MIT.EDU (Pavel Kankovsky)
Fri May 29 05:54:38 1998
Date: Fri, 29 May 1998 11:26:37 +0200 (MET DST)
From: Pavel Kankovsky <peak@kerberos.troja.mff.cuni.cz>
In-reply-to: <000f01bd8a94$f9ce9460$d2e84ace@admin.wgcr.org>
To: linux-security@redhat.com
Reply-to: peak@kerberos.troja.mff.cuni.cz
Resent-From: linux-security@redhat.com
On Thu, 28 May 1998, Lamar Owen wrote:
> [mod: As you can read here, I wrote a short (currently 100 lines)
> program that binds to a port and then execs a prespecified daemon
> under a specified uid. Now my head is clear, almost the same can be
> achieved with inetd. Moreover, as the application has to be modified
> to accept the socket using some mechanism, you could just as well
> modify it to drop root privs after opening the socket. Oh well. --REW]
You can modify the application auto-magically by LD_PRELOAD'ing a library
that overrides libc bind() with something dup2()'ing the pre-bound socket. :)

Well, you could also modify bind() to pass the socket (using BSD-like
unix-domain socket magic) to a privileged "binder daemon" and let it
decide whether you are allowed to bind it to the given port--and do it
itself if you are.
> After sending a draft of this message to the linux-security list, I
> received a highly informative "message rejected" e-mail from Rogier
> Wolff pointing out that the newest kernels in the 2.1 series have
> 'capabilities' -- one of which allows binding to secure ports by
> certain processes. I look forward to 2.2, which should incorporate
> such features. I would upgrade to a 2.1.x kernel, but stability
> reasons prohibit me at this time. So, I am currently stuck at 2.0.x,
> which has no such 'capabilities' (bad pun).
A patch for 2.0.x has been published in one of the recent issues
of Phrack that allows processes running under special gids to perform
privileged socket operations.
<quote>
GID 16 : a program running with group 16 privileges can bind to a
< 1024. This allows programs like: rlogin, rcp, rsh, and ssh
to run setgid 16 instead of setuid 0(root). This also allows
servers that need to run as root to bind to a privileged port
like named, to also run setgid 16.
</quote>
I am running named this way.
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
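
The LD_PRELOAD approach from the reply above, as an added example that is not part of the original message and is not the Phrack patch: a bind() override that hands the daemon a socket a privileged launcher already bound. The environment variable PREBOUND_FD and the helper prebound_port() are hypothetical names, only AF_INET and the port number are compared, and other bind() calls are forwarded with a raw syscall.

```c
/* Added example (not from the original post): bind() override for LD_PRELOAD.
 * Assumption: a privileged launcher bound the port, dropped root and left the
 * socket's descriptor number in the hypothetical variable PREBOUND_FD. */
#define _DEFAULT_SOURCE
#include <netinet/in.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Port (network byte order) the inherited descriptor is bound to, 0 if none. */
static in_port_t prebound_port(int *fd_out)
{
    const char *s = getenv("PREBOUND_FD");
    struct sockaddr_in sin;
    socklen_t len = sizeof sin;
    char *end;
    long fd;

    if (s == NULL || *s == '\0')
        return 0;
    fd = strtol(s, &end, 10);
    if (*end != '\0' || fd < 0 || fd > 65535)
        return 0;
    if (getsockname((int)fd, (struct sockaddr *)&sin, &len) != 0 ||
        sin.sin_family != AF_INET)
        return 0;
    *fd_out = (int)fd;
    return sin.sin_port;
}

/* Replaces libc bind(): a request for the pre-bound port gets the inherited
 * socket dup2()'ed over the caller's descriptor; anything else is forwarded. */
int bind(int fd, const struct sockaddr *addr, socklen_t len)
{
    const struct sockaddr_in *want = (const struct sockaddr_in *)addr;
    int pre = -1;

    if (addr != NULL && len >= sizeof *want && addr->sa_family == AF_INET &&
        want->sin_port != 0 && want->sin_port == prebound_port(&pre)) {
        if (pre == fd)
            return 0;
        return dup2(pre, fd) < 0 ? -1 : 0;
    }
    /* Raw syscall keeps the example free of dlsym(RTLD_NEXT, "bind"). */
    return (int)syscall(SYS_bind, fd, addr, len);
}
```

dup2() replaces the daemon's own socket, so any options it set before bind() (SO_REUSEADDR, for instance) are lost and have to be set by the launcher. The override hands out only a descriptor the process already holds, so the decision about who may use the port stays with the launcher.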