Date:      Wed, 2 Jan 2002 18:13:52 -0600
From:      "Dustin Puryear" <dpuryear@usa.net>
To:        <freebsd-questions@freebsd.org>
Subject:   RE: Getting Apache to run as user www only
Message-ID:  <PGECILGGNJGDPJKLFEMIIEGPCMAA.dpuryear@usa.net>
In-Reply-To: <PGECILGGNJGDPJKLFEMIKEGNCMAA.dpuryear@usa.net>

What I think is happening here is that some people are confusing the idea of
allowing a specified user to bind to a port with giving a program image that
same privilege. At least, that's what I think is being assumed here.

Certainly, if a process that is running as a user with bind-to-port-x
privilege is compromised, that port is compromised, but that is certainly
better than compromising, say, the parent httpd process that is running as
root. This way, even if an attacker compromises the process before it drops
its privileges it will still limit the worst case scenario. Even in this
case there are ways to mitigate resulting damage in many cases, often by
using the current solutions where you switch the user you are running as
after you have bound to the port. This way the root user is never required
and only a subset of your privileged ports are fair game.

Of course, I doubt this is a novel idea, even in the UNIX world where the
single superuser mentality is still strong.

Regards, Dustin

> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Dustin Puryear
> Sent: Wednesday, January 02, 2002 5:55 PM
> To: Matthew Graybosch; freebsd-questions@freebsd.org
> Subject: RE: Getting Apache to run as user www only
>
>
> > > > > I think that takes a small prize for being the best suggestion for
> > > > > introducing a security hole the size of the grand canyon into the O/S.
> > > > Just think about it, before you ask why... :)
> > >
> > > Thought about it. Now, why?
> >
> > > I wonder what sort of havoc I could wreak if I were to crack an httpd
> > > bound directly to the kernel?
>
> What does that have to do with my suggestion which was to allow a specified
> user to bind to a given port. I am not sure where that leads to httpd being
> "bound directly to the kernel." Maybe I am missing something? Please
> enlighten me. :)
>
> Regards, Dustin
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>

