Date: Sat, 24 Aug 2002 05:26:53 -0700 From: David Schultz <dschultz@uclink.Berkeley.EDU> To: Rob J Meijer <rmeijer@xs4all.nl> Cc: freebsd-security@FreeBSD.ORG Subject: Re: user based firewalling with ipfw and priviledged ports. Message-ID: <20020824122653.GB4994@HAL9000.homeunix.com> In-Reply-To: <20020824100341.T75248-100000@xs1.xs4all.nl> References: <20020823083714.GA39848@killer.crypton.pl> <20020824100341.T75248-100000@xs1.xs4all.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
Thus spake Rob J Meijer <rmeijer@xs4all.nl>: > The problem is that I need to bind to a priviledged port, and in order to > do this I need to start as root and than change the (e&r) uid of the > process to the target uid. It apears that the changing of the process its > uid does not change the way that the user bit of trafic from the specific > socket is seen, both iptables and ipfw interpret the trafic as comming > from the root user. I believe this is the correct behavior. In Unix, access checks are done only when you open a file or socket, not every time you try to read()/write()/accept()/whatever on a file descriptor. That's why you can still access that socket you opened as root even after you drop privileges! IPFW is doing the right thing; when your program accesses a socket that it opened while holding root privileges, it is essentially doing so with root credentials. Perhaps this behavior should be documented on the ipfw manpage, since it's pretty common for programs to bind to privileged ports and then drop root privileges. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020824122653.GB4994>