From: "Karsten W. Rohrbach" <karsten@rohrbach.de>
To: Mike Silbersack <silby@silby.com>
Cc: "Nickolay A.Kritsky", security@FreeBSD.ORG
Date: Tue, 31 Jul 2001 18:08:28 +0200
Subject: Re: accounting with ipfw (gid, uid riles)
Message-ID: <20010731180828.I92506@mail.webmonster.de>
In-Reply-To: <20010727223026.D43808-100000@achilles.silby.com>
References: <15993079421.20010727191853@internethelp.ru> <20010727223026.D43808-100000@achilles.silby.com>

Mike Silbersack(silby@silby.com)@2001.07.27 22:43:00 +0000:
>
> On Fri, 27 Jul 2001, Nickolay A.Kritsky wrote:
>
> > do you mean that after this code:
> > //----------------------------------------------------------------
> > setuid(0);
> > s=socket(...);
> > listen(s,1);
> > if (fork()!=-1)
> > {
> >     setuid(1);
> >     k=accept(s);
> > }
> > //----------------------------------------------------------------
> > socket pointed by k will be "owned" by root?
>
> Yes.
>
> > Anyway, it is not the main point of my question. Accounting httpd
> > traffic is just a piece of cake - the port is fixed, the address is
> > fixed. But I wanted to count Squid traffic. AFAIK Squid does not do any
> > setuid() voodoo, except for privileges drop at startup. After that it
> > runs strictly uid 'nobody'. But squid's traffic doesn't hit the
> > counter!!! I wonder why. Maybe it is because of natd running on outer
> > interface? But why then some packets hit the counter?
>
> If squid runs the listen as root, all sockets created from that listen
> socket will also be accounted to root. Same problem as the above. I do
> not know how natd would affect connections in terms of uid accounting.

squid's standard ports are higher than 1024, so it should not be a
problem to start it with a uid wrapper (setuidgid from daemontools
or similar), shouldn't it? then the socket belongs to the squid user
i think...

/k

--
> MCSE: Management Can't Send E-mail
KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/
karsten&rohrbach.de -- alpha&ngenn.net -- alpha&scene.org -- catch@spam.de
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46
Please do not remove my address from To: and Cc: fields in mailing lists. 10x
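The point the thread converges on, as an added example that is not from the list posting, from Squid or from daemontools: the listening socket has to be created after the privilege drop, because every socket accept() derives from it inherits the listener's credential, and that credential is what an ipfw rule such as `ipfw add count tcp from any to any uid squid` matches on. The quoted sketch does it the other way round (socket/listen as root, setuid only in the forked child), which is exactly why the accepted sockets stay accounted to root. The daemon uid/gid, the loopback bind and port 3128 are assumptions here; port 0 is accepted so the code can also run unprivileged on an ephemeral port.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

/* Permanently drop to the target uid/gid. Group first: once the uid is
 * unprivileged, setgid() would no longer be permitted. Returns 0 on
 * success, -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Verify the drop is real: regaining root must now fail. */
    if (uid != 0 && setuid(0) == 0) return -1;
    return 0;
}

/* Create the listening socket only after privileges are dropped, so the
 * listener and every socket accept() later derives from it carry the
 * unprivileged credential that ipfw "uid" rules match. This is only
 * possible for ports >= 1024, which is the point made about squid. */
int listen_as(uid_t uid, gid_t gid, uint16_t port)
{
    if (drop_privileges(uid, gid) != 0) return -1;

    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0) return -1;
    int one = 1;
    setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);

    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* assumption: loopback only */
    sin.sin_port = htons(port);                   /* 0 = ephemeral port */
    if (bind(s, (struct sockaddr *)&sin, sizeof sin) != 0 || listen(s, 8) != 0) {
        close(s);
        return -1;
    }
    return s;
}

/* Port actually bound (useful when port 0 was requested), or -1 on error. */
int bound_port(int s)
{
    struct sockaddr_in sin;
    socklen_t len = sizeof sin;
    if (getsockname(s, (struct sockaddr *)&sin, &len) != 0) return -1;
    return ntohs(sin.sin_port);
}

int main(int argc, char **argv)
{
    /* Hypothetical values: uid and gid of the squid user on the box;
     * defaults to the invoking user so the program also runs unprivileged. */
    uid_t uid = argc > 1 ? (uid_t)atoi(argv[1]) : getuid();
    gid_t gid = argc > 2 ? (gid_t)atoi(argv[2]) : getgid();
    int s = listen_as(uid, gid, 3128);
    if (s < 0) { perror("listen_as"); return 1; }
    printf("listening on port %d as uid %d\n", bound_port(s), (int)geteuid());
    for (;;) {
        /* Each accepted socket is owned by the already-dropped uid. */
        int c = accept(s, NULL, NULL);
        if (c < 0) { if (errno == EINTR) continue; break; }
        close(c);
    }
    return 0;
}
```

Run as root with the daemon's numeric uid and gid as arguments and the listener is created only after the drop; a setuidgid-style wrapper achieves the same ordering from outside the program, which is why it works for a daemon whose ports are all above 1024.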