[1800] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Configuration for binding to "secure" ports?

daemon@ATHENA.MIT.EDU (Pavel Kankovsky)
Fri May 29 05:54:38 1998

Date: Fri, 29 May 1998 11:26:37 +0200 (MET DST)
From: Pavel Kankovsky <peak@kerberos.troja.mff.cuni.cz>
In-reply-to: <000f01bd8a94$f9ce9460$d2e84ace@admin.wgcr.org>
To: linux-security@redhat.com
Reply-to: peak@kerberos.troja.mff.cuni.cz
Resent-From: linux-security@redhat.com

On Thu, 28 May 1998, Lamar Owen wrote:

> [mod: As you can read here, I wrote a short (currently 100 lines)
> program that binds to a port and then execs a prespecified deamon
> under a specified uid. Now my head is clear, almost the same can be
> achieved with inetd. Moreover, as the application has to be modified
> to accept the socket using some mechanism, you could just as well
> modify it to drop root privs after opening the socket. Oh well. --REW]

You can modify the application auto-magically by LD_PRELOAD'ing a library
that overrides libc bind() with something dup2()'ing the pre-bound socket. :)

Well, you could also modify bind() to pass the socket (using BSD-like
unix-domain socket magic) to a privileged "binder daemon" and let it
decide whether you are allowed to bind it to the given port--and do it
itself if you are.

> After sending a draft of this message to the linux-security list, I
> received a highly informative "message rejected" e-mail from Rogier
> Wolff pointing out that the newest kernels in the 2.1 series have
> 'capabilities' -- one of which allows binding to secure ports by
> certain processes.  I look forward to 2.2, which should incorporate
> such features. I would upgrade to a 2.1.x kernel, but stability
> reasons prohibit me at this time.  So, I am currently stuck at 2.0.x,
> which has no such 'capabilities' (bad pun).

A patch for 2.0.x has been published in one of the recent issues
of Phrack that allows processes running under special gids to perform
privileged socket operations.

<quote>

GID 16 : a program running with group 16 privileges can bind to a
         < 1024.  This allows programs like: rlogin, rcp, rsh, and ssh
         to run setgid 16 instead of setuid 0(root).  This also allows
         servers that need to run as root to bind to a privileged port
         like named, to also run setgid 16.

</quote>

I am running named this way.


--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post