Date:      Tue, 31 Jul 2001 18:08:28 +0200
From:      "Karsten W. Rohrbach" <karsten@rohrbach.de>
To:        Mike Silbersack <silby@silby.com>
Cc:        "Nickolay A.Kritsky" <nkritsky@internethelp.ru>, security@FreeBSD.ORG
Subject:   Re: accounting with ipfw (gid, uid riles)
Message-ID:  <20010731180828.I92506@mail.webmonster.de>
In-Reply-To: <20010727223026.D43808-100000@achilles.silby.com>; from silby@silby.com on Fri, Jul 27, 2001 at 10:43:00PM -0500
References:  <15993079421.20010727191853@internethelp.ru> <20010727223026.D43808-100000@achilles.silby.com>

Mike Silbersack(silby@silby.com)@2001.07.27 22:43:00 +0000:
>
> On Fri, 27 Jul 2001, Nickolay A.Kritsky wrote:
>
> > do you mean that after this code:
> > //----------------------------------------------------------------
> > setuid(0);
> > s=socket(...);
> > listen(s,1);
> > if (fork()!=-1)
> > {
> > setuid(1);
> > k=accept(s);
> > }
> > //----------------------------------------------------------------
> > socket pointed by k will be "owned" by root?
>
> Yes.
>
> > Anyway, it is not the main point of my question. Accounting httpd
> > traffic is just a piece of cake - the port is fixed, the address is
> > fixed. But I wanted to count Squid traffic. AFAIK Squid does not do any
> > setuid() voodoo, except for the privilege drop at startup. After that it
> > runs strictly uid 'nobody'. But squid's traffic doesn't hit the
> > counter!!! I wonder why. Maybe it is because of natd running on outer
> > interface? But why then some packets hit the counter?
>
> If squid runs the listen as root, all sockets created from that listen
> socket will also be accounted to root.  Same problem as the above.  I do
> not know how natd would affect connections in terms of uid accounting.

squid's standard ports are higher than 1024, so it should not be a
problem to start it with a uid wrapper (setuidgid from daemontools
or similar), shouldn't it? then the socket belongs to the squid user
I think...

/k

-- 
> MCSE: Management Can't Send E-mail
KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/
karsten&rohrbach.de -- alpha&ngenn.net -- alpha&scene.org -- catch@spam.de
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE  DF22 3340 4F4E 2964 BF46
Please do not remove my address from To: and Cc: fields in mailing lists. 10x
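The check the thread leads to, as an added example that is not part of any message above and not Squid's, daemontools' or FreeBSD's own code: ipfw "uid"/"gid" rules match the credential stored in the local socket, which is fixed when the socket is created and inherited by every connection accept(2)ed from a listening socket. So a daemon that opens its listen socket as root and only then drops privileges has all its traffic attributed to root, and a rule counting "uid squid" stays at zero. The three count rules below make that visible from the counters themselves; the rule numbers, the port 3128, the user name "squid", the binary path and the "ipfw -a list" dumps are assumptions or constructed text, not output captured from a real system.

```sh
#!/bin/sh
# Added example (not from the thread). ipfw(8) "uid"/"gid" options match the
# credential of the local socket that sends or receives the packet. That
# credential is set at socket creation and copied to accepted connections, so
# a listen socket created as root keeps root's uid even after the daemon has
# called setuid(). Rule numbers, port 3128, user "squid" and the dumps below
# are assumptions/constructed data.

# Rules to load on the box running squid (uid/gid only match locally
# terminated TCP/UDP). "count" does not stop rule processing, so one packet
# can hit both a per-uid rule and the port total in rule 1020:
#   ipfw add 1000 count tcp from any to any 3128 uid squid
#   ipfw add 1010 count tcp from any to any 3128 uid root
#   ipfw add 1020 count tcp from any to any 3128
# Restarting under the daemontools wrapper so the listen socket is created
# as the squid user (path is an assumption):
#   setuidgid squid /usr/local/sbin/squid

# Constructed "ipfw -a list" output (fields: rule, packets, bytes, body)
# with squid started as root: the uid squid counter never moves, the uid
# root counter equals the port total.
IPFW_LIST_ROOT_LISTEN='01000        0           0 count tcp from any to any 3128 uid squid
01010      512      398226 count tcp from any to any 3128 uid root
01020      512      398226 count tcp from any to any 3128
65535     9210     1334411 deny ip from any to any'

# Constructed output after a restart via setuidgid: every accepted socket
# now carries squid's credential and the per-user counter matches the total.
IPFW_LIST_SETUIDGID='01000      744      601980 count tcp from any to any 3128 uid squid
01010        0           0 count tcp from any to any 3128 uid root
01020      744      601980 count tcp from any to any 3128
65535     9391     1390554 deny ip from any to any'

# rule_field FIELD RULE LIST_TEXT: print column FIELD (2 = packets, 3 = bytes)
# of rule RULE from an "ipfw -a list" dump; empty output if the rule is absent.
# Rule numbers are zero-padded in the dump, hence the numeric comparison.
rule_field() {
    printf '%s\n' "$3" | awk -v f="$1" -v rule="$2" \
        '$1 + 0 == rule + 0 { print $f; exit }'
}
rule_packets() { rule_field 2 "$1" "$2"; }
rule_bytes()   { rule_field 3 "$1" "$2"; }

# missing_packets USER_RULE TOTAL_RULE LIST_TEXT: packets seen on the port
# total rule that the per-user rule did not see. 0 means uid accounting
# captures all of the daemon's traffic; anything else means its sockets
# carry a different credential than the rule expects.
missing_packets() {
    u=$(rule_packets "$1" "$3")
    t=$(rule_packets "$2" "$3")
    echo $(( ${t:-0} - ${u:-0} ))
}

# Walk-through on the constructed dumps:
#   missing_packets 1000 1020 "$IPFW_LIST_ROOT_LISTEN"   -> 512 (all missed)
#   missing_packets 1000 1020 "$IPFW_LIST_SETUIDGID"     -> 0
missing_packets 1000 1020 "$IPFW_LIST_ROOT_LISTEN"
missing_packets 1000 1020 "$IPFW_LIST_SETUIDGID"
```

On a live system, load the three rules, push some traffic through the proxy, and run `missing_packets 1000 1020 "$(ipfw -a list)"`; a non-zero result reproduces the "traffic doesn't hit the counter" symptom from the thread and tells you the daemon's sockets were created under a different uid than the one the rule names. The comparison against a plain port rule is what matters: a per-uid counter reading zero on its own cannot distinguish "no traffic" from "traffic accounted to another uid".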

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010731180828.I92506>