From owner-freebsd-arch Tue Sep 5 8:42: 9 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from houston.matchlogic.com (mail.matchlogic.com [205.216.147.127]) by hub.freebsd.org (Postfix) with ESMTP id 4689837B424 for ; Tue, 5 Sep 2000 08:42:06 -0700 (PDT)
Received: by houston.matchlogic.com with Internet Mail Service (5.5.2650.21) id ; Tue, 5 Sep 2000 09:42:05 -0600
Message-ID: <5FE9B713CCCDD311A03400508B8B30135878FE@bdr-xcln.is.matchlogic.com>
From: Charles Randall
To: 'Maxime Henrion' , freebsd-arch@freebsd.org
Subject: RE: thought about allocation of the first 1024th ports
Date: Tue, 5 Sep 2000 09:41:54 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

We run ipfw+natd for local port redirection on some of our web servers. That allows us to avoid setuid root executables. I've found it to be a very workable solution for programmers and system admins.

Charles

-----Original Message-----
From: Maxime Henrion [mailto:mux@qualys.com]
Sent: Saturday, September 02, 2000 10:00 AM
To: freebsd-arch@freebsd.org
Subject: thought about allocation of the first 1024th ports

Hi,

On most Unix systems and on FreeBSD, the first 1024 ports can't be allocated by a non-root process. As far as I know, this is justified because services running on these ports generally require root privileges to accomplish their tasks, because they are intended to be used by all the users on the system and need access to their data. However, some services don't need these privileges, like identd servers, or even web servers. This implies security problems if these servers are vulnerable to a bug or a buffer overflow. Advanced servers use the setuid() and setgid() system calls to drop their privileges after having bound the socket. This improves security, as if the server is vulnerable, it can not be used to gain root privileges but only a user's privileges.

What I wonder now is if an application-independent mechanism to permit some ports below 1024 to be bound to sockets not owned by root processes would be useful. You assign in a configuration file which UIDs are allowed to allocate which port. Of course, root processes will also be allowed to allocate these ports and users with other UIDs still can't; this ensures backward compatibility. With such a mechanism, you can run a server as a user and not as root even if the application doesn't support the setuid/setgid system. The requirement for this to work is that the application doesn't permit itself to do some other root-only operations than binding the socket to a privileged port; it should be this way in most applications.

I invite you to send me your thoughts/advices/rotten tomatoes by e-mail ;-) I hope I didn't miss something obvious and that something allowing to do what I describe doesn't already exist.

Regards,
Maxime Henrion

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
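The pattern Maxime describes (bind the privileged port while still root, then call setgid()/setuid() before serving) is the one mitigation both messages take for granted, so here it is written out as an added C example. This code is not from the thread, from FreeBSD, or from any of the servers mentioned; the port (80), the bind address and the unprivileged account ("nobody") are assumptions. The point it makes beyond the message text is the ordering that actually sticks (supplementary groups, then gid, then uid, each checked) and a self-check that root really cannot be regained before the server starts accepting connections.

```c
/*
 * Added example (not from the mailing-list thread or FreeBSD): bind a
 * privileged port as root, then irreversibly drop to an unprivileged
 * account before serving anything. Assumed port: 80; assumed account: "nobody".
 */
#define _GNU_SOURCE 1
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open a listening TCP socket on addr:port. Returns the fd, or -1 with errno
 * set. A port below 1024 is the only reason this program starts as root. */
int bind_listen(const char *addr, unsigned short port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);

    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    if (inet_pton(AF_INET, addr, &sin.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0 ||
        listen(fd, 16) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Drop to uid/gid. Returns 0 on success, -1 on failure (errno set).
 * Order matters: once the uid is no longer 0, setgroups() and setgid()
 * would fail, so groups go first, then gid, then uid. When called as root,
 * setgid()/setuid() set real, effective and saved ids, so there is no way back. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0) /* clear supplementary groups */
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Confirm the kernel applied what we asked for. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Returns 1 if the process can no longer become uid 0, 0 if it still can.
 * If the saved set-user-id were still 0, setuid(0) would succeed. */
int root_is_gone(void)
{
    if (geteuid() == 0)
        return 0;
    return setuid(0) != 0 && errno == EPERM;
}

int main(void)
{
    int fd = bind_listen("0.0.0.0", 80); /* assumed port; needs root to bind */
    if (fd < 0) {
        perror("bind_listen");
        return 1;
    }
    struct passwd *pw = getpwnam("nobody"); /* assumed unprivileged account */
    if (pw == NULL || drop_privileges(pw->pw_uid, pw->pw_gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    if (!root_is_gone()) {
        fprintf(stderr, "root could be regained; refusing to serve\n");
        return 1;
    }
    printf("listening on port 80 as uid %u, root dropped\n", (unsigned)getuid());
    /* The accept() loop would go here: a bug from this point on runs as "nobody". */
    close(fd);
    return 0;
}
```

Run it as root to see the full sequence; the self-check in root_is_gone() is what distinguishes a real drop from a seteuid()-style temporary one, which Maxime's "it can not be used to gain root privileges" assumes but many servers get wrong.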