From owner-freebsd-arch Sat Sep 2 9:35:11 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from envy.vuurwerk.nl (envy.vuurwerk.nl [194.178.232.112]) by hub.freebsd.org (Postfix) with SMTP id 0339037B424 for ; Sat, 2 Sep 2000 09:35:08 -0700 (PDT)
Received: (qmail 72940 invoked from network); 2 Sep 2000 16:35:06 -0000
Received: from kesteren.vuurwerk.nl (HELO daemon.vuurwerk.nl) (194.178.232.59) by envy.vuurwerk.nl with SMTP; 2 Sep 2000 16:35:06 -0000
Received: (nullmailer pid 54328 invoked by uid 11109); Sat, 02 Sep 2000 16:35:06 -0000
Date: Sat, 2 Sep 2000 18:35:06 +0200
From: Peter van Dijk
To: freebsd-arch@FreeBSD.ORG
Subject: Re: thought about allocation of the first 1024th ports
Message-ID: <20000902183506.A54105@vuurwerk.nl>
Mail-Followup-To: Peter van Dijk , freebsd-arch@FreeBSD.ORG
References: <20000902180027.A13029@cybercable.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20000902180027.A13029@cybercable.fr>; from mux@qualys.com on Sat, Sep 02, 2000 at 06:00:27PM +0200
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, Sep 02, 2000 at 06:00:27PM +0200, Maxime Henrion wrote:
> Hi,
>
> On most Unix systems and on FreeBSD, the first 1024 ports can't be allocated by a
> non-root process. As far as I know, this is justified because services running on these
> ports generally require root privileges to accomplish their tasks because they are
> intended to be used by all the users on the system and need to access their data.

There's more to it. Lots of services don't need root privileges at all, like, as you say, ident. Still, running ident on a port <1024 has a different benefit: remote sites can be sure that the service on that port is the one the box's admin intended. If ident was running on a high port, a remote site would have no way of knowing if that is actually the ident run by the admin or just by one malicious user.

> However, some services don't need these privileges, like identd servers, or even web
> servers. This implies security problems if these servers are vulnerable to a bug or a
> buffer overflow. Advanced servers use setuid() and setgid() system calls to drop their
> privileges after having bound the socket. This improves security as, if the server is
> vulnerable, it can not be used to gain root privileges but only a user's privileges.

Correct.

> What I wonder now is if an application-independent mechanism to permit some ports below
> 1024 to be bound to sockets not owned by root processes would be useful. You assign in a
> configuration file which UIDs are allowed to allocate which port. Of course, root
> processes will also be allowed to allocate these ports and users with other UIDs still
> can't; this ensures backward compatibility.

Capabilities can help here, as your other mail says.

> With such a mechanism, you can run a server as a user and not as root even if the
> application doesn't support the setuid/setgid system. The requirement for this to work
> is that the application doesn't permit itself to do some other root-only operations
> than binding the socket to a privileged port; it should be this way in most
> applications.

Fix the applications, not workaround their bugs. Most simple services run from inetd, which can do the setuid anyway.

> I invite you to send me your thoughts/advices/rotten tomatoes by e-mail ;-) I hope I
> didn't miss something obvious and that something allowing to do what I describe doesn't
> already exist.

Technically all you are describing is perfectly feasible. The use is very limited, unfortunately.

Greetz, Peter.

--
[ircoper] petervd@vuurwerk.nl - Peter van Dijk / Hardbeat
[student] Undernet:#groningen/wallops | IRCnet:/#alliance
[developer] _____________
[disbeliever - the world is backwards] (__VuurWerk__(--*-

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
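The "bind the privileged port while root, then setgid()/setuid() down" pattern that the two mails agree on, as an added example that is not code from the thread or from any FreeBSD component. It assumes a loopback TCP listener on port 23 and uid/gid 65534 for the unprivileged account (both illustrative; a real daemon would look the account up with getpwnam()). The part practitioners most often get wrong is the order and the verification: supplementary groups and the gid must be changed while the process is still root, setuid() comes last, and afterwards the program checks that setuid(0) fails, so that an incomplete drop (saved uid still 0) is caught at startup rather than discovered by an attacker after a buffer overflow.

```c
/* Added example (not from the mailing-list thread): bind a listening
 * socket on a privileged port as root, drop to an unprivileged uid/gid,
 * then prove root cannot be regained.  Builds on FreeBSD and Linux. */
#define _DEFAULT_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Bind and listen on 127.0.0.1:port (port 0 = kernel picks an ephemeral
 * port).  Returns the listening descriptor, or -1 with errno set.  For a
 * port below 1024 the kernel returns EACCES unless the caller is root. */
int bind_listener(unsigned short port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);

    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sin.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0 || listen(fd, 16) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Permanently drop to uid/gid.  Order matters: setgroups() and setgid()
 * need root, so they run first; setuid() runs last and removes the
 * privilege the other two relied on.  Returns 0 on success, -1 on error. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0) {
        /* Clear supplementary groups (root-only call); leaving root's
         * groups behind is a classic incomplete drop. */
        if (setgroups(1, &gid) < 0)
            return -1;
    }
    if (setgid(gid) < 0)
        return -1;
    if (setuid(uid) < 0)
        return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid)
        return -1;
    return 0;
}

/* Returns 1 if the process can still become root, 0 otherwise.  After a
 * correct drop (real, effective and saved uid all non-zero) setuid(0)
 * fails with EPERM; if it succeeds, the drop was incomplete. */
int privileges_regainable(void)
{
    return setuid(0) == 0 ? 1 : 0;
}

int main(void)
{
    int fd = bind_listener(23);          /* privileged port: needs root */
    if (fd < 0) {
        perror("bind_listener");
        return 1;
    }
    /* 65534 is an assumption ("nobody" on many systems). */
    if (drop_privileges(65534, 65534) < 0) {
        perror("drop_privileges");
        return 1;
    }
    if (privileges_regainable()) {
        fprintf(stderr, "privilege drop incomplete, refusing to serve\n");
        return 1;
    }
    printf("listening on 127.0.0.1:23 as uid %d; root dropped\n", (int)getuid());
    /* accept() loop would follow here */
    close(fd);
    return 0;
}
```

Run as root to see the full sequence; run as an ordinary user and bind_listener(23) fails with EACCES, which is exactly the kernel check Maxime's proposal would relax per UID. The self-check in privileges_regainable() is the part to keep even if everything else is rewritten: a server that believes it dropped root but still has saved uid 0 is the worst of both worlds.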