Date: Wed, 26 Mar 1997 12:41:03 -0600 (CST)
From: "Thomas H. Ptacek" <tqbf@enteract.com>
To: adrian@obiwan.aceonline.com.au (Adrian Chadd)
Cc: dg@root.com, tqbf@enteract.com, freebsd-security@FreeBSD.ORG
Subject: Re: Privileged ports...
Message-ID: <199703261841.MAA27419@enteract.com>
In-Reply-To: <Pine.BSF.3.95q.970326220852.29096A-100000@obiwan.aceonline.com.au> from "Adrian Chadd" at Mar 26, 97 10:19:55 pm

> The original idea was running a socket redirector (which, although SUID,
> is quite small and much easier to secure), redirecting traffic to the
> not-suid-anymore program, however doing it in kernelland appeals much more
> to me.

Ok, this is the obvious way of dealing with this problem "within the system". INN does the same thing, to an extreme, with a small root-privileged program that opens a reserved port and passes it to an unprivileged process.

The problem is that, at some point, you still need to run the program as root. If the past few months have taught me anything, they taught me that you can't rely solely on the application code for security. Every piece of code depended on by an SUID program is security critical as well. As far as I'm concerned, if you can't trust crt0 start(), you can't trust much else either. =)

Regardless, it's probably not arguable that UID 0 is overloaded right now. It seems to me that an extremely worthwhile task would be to divide privilege up amongst UIDs and GIDs (reserved ports being a simple example), just as a primitive step towards distributing and compartmentalizing privilege.

In any case, I don't think my patch introduces any "gaping security holes". I do think it gave me a lot of flexibility on my systems (I like how

    -r-xr-sr-x  1 root  network  155648 Feb  3 00:13 /usr/bin/rlogin

looks on my machines), and it's an exceedingly simple modification. The reserved port range already appears configurable (although I've never played with it), so this isn't a very drastic change.

What's the issue with it?

----------------
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com]
----------------
"If you're so special, why aren't you dead?"