From owner-freebsd-security Sat Aug 24 5:26:22 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A012337B400 for ; Sat, 24 Aug 2002 05:26:20 -0700 (PDT)
Received: from HAL9000.homeunix.com (12-232-220-15.client.attbi.com [12.232.220.15]) by mx1.FreeBSD.org (Postfix) with ESMTP id 25EFF43E65 for ; Sat, 24 Aug 2002 05:26:20 -0700 (PDT) (envelope-from dschultz@uclink.Berkeley.EDU)
Received: from HAL9000.homeunix.com (localhost [127.0.0.1]) by HAL9000.homeunix.com (8.12.5/8.12.5) with ESMTP id g7OCQwJ7007630; Sat, 24 Aug 2002 05:26:58 -0700 (PDT) (envelope-from dschultz@uclink.Berkeley.EDU)
Received: (from das@localhost) by HAL9000.homeunix.com (8.12.5/8.12.5/Submit) id g7OCQrsD007629; Sat, 24 Aug 2002 05:26:53 -0700 (PDT) (envelope-from dschultz@uclink.Berkeley.EDU)
Date: Sat, 24 Aug 2002 05:26:53 -0700
From: David Schultz
To: Rob J Meijer
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: user based firewalling with ipfw and priviledged ports.
Message-ID: <20020824122653.GB4994@HAL9000.homeunix.com>
Mail-Followup-To: Rob J Meijer , freebsd-security@FreeBSD.ORG
References: <20020823083714.GA39848@killer.crypton.pl> <20020824100341.T75248-100000@xs1.xs4all.nl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020824100341.T75248-100000@xs1.xs4all.nl>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Thus spake Rob J Meijer :
> The problem is that I need to bind to a privileged port, and in order to
> do this I need to start as root and then change the (e&r) uid of the
> process to the target uid. It appears that the changing of the process's
> uid does not change the way that the user bit of traffic from the specific
> socket is seen; both iptables and ipfw interpret the traffic as coming
> from the root user.

I believe this is the correct behavior. In Unix, access checks are done
only when you open a file or socket, not every time you try to
read()/write()/accept()/whatever on a file descriptor. That's why you can
still access that socket you opened as root even after you drop
privileges! IPFW is doing the right thing; when your program accesses a
socket that it opened while holding root privileges, it is essentially
doing so with root credentials.

Perhaps this behavior should be documented on the ipfw manpage, since
it's pretty common for programs to bind to privileged ports and then
drop root privileges.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message