Re: chroot BIND Re: Task harden.
On Tuesday 03 April 2001 18:15, Andrew Stribblehill wrote:
> Quoting Herbert Xu <herbert@eriador.apana.org.au>:
> > xsdg <xsdg@softhome.net> wrote:
> > > How can bind bind (no pun intended) to port 53 if it isn't root?
> >
> > By listening on 0 when it did have root privilege. I've never understood
> > this, why does bind do dynamic binding instead of binding to IPADDRANY?
>
> How does this work? Can someone point me to a manpage?

It seems that there is no system call to read a UDP packet from a socket and
discover which local address it was sent to. If you want your UDP-based
server to use as the source address the same IP that the client sent the
request to (necessary to attempt security) then you need to have multiple
sockets.

As for binding on port 53 without root, all my servers do this with the
authbind package. Authbind is really easy to use and required no changes to
the daemons.

--
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/ My home page
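
The approach discussed in this message (one UDP socket per local address, bound while the process still has root, then privileges dropped), as an added example that is not part of the original post and not BIND's own code. It assumes IPv4 only and an unprivileged UID/GID of 65534; the function names are hypothetical.

```c
/* Added example: per-address UDP sockets bound as root, then root is dropped. */
#include <arpa/inet.h>
#include <grp.h>
#include <ifaddrs.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket to every local IPv4 address; returns how many were bound. */
int bind_each_address(unsigned short port, int fds[], int max)
{
    struct ifaddrs *list, *ifa;
    int n = 0;
    if (getifaddrs(&list) != 0) return -1;
    for (ifa = list; ifa != NULL && n < max; ifa = ifa->ifa_next) {
        if (ifa->ifa_addr == NULL || ifa->ifa_addr->sa_family != AF_INET) continue;
        struct sockaddr_in sa = *(struct sockaddr_in *)ifa->ifa_addr;
        sa.sin_port = htons(port);
        int fd = socket(AF_INET, SOCK_DGRAM, 0);
        if (fd < 0) continue;
        if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0) { close(fd); continue; }
        fds[n++] = fd;      /* replies sent on fd leave from sa.sin_addr */
    }
    freeifaddrs(list);
    return n;
}

/* The address a socket is bound to, i.e. the source address of its replies. */
in_addr_t bound_address(int fd)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) != 0) return INADDR_NONE;
    return sa.sin_addr.s_addr;
}

int main(void)
{
    int fds[64];
    int n = bind_each_address(53, fds, 64);   /* port 53 needs root (or authbind) */
    if (n <= 0) { fputs("no address could be bound\n", stderr); return 1; }
    /* Bound sockets survive the drop. Order matters: groups, gid, then uid
     * (65534 is an assumed unprivileged account). */
    if (geteuid() == 0 && (setgroups(0, NULL) || setgid(65534) || setuid(65534))) { perror("drop privileges"); return 1; }
    for (int i = 0; i < n; i++)
        printf("fd %d answers from %s\n", fds[i],
               inet_ntoa((struct in_addr){ bound_address(fds[i]) }));
    return 0;
}
```

Addresses added to the host after startup have no socket in this example; a real server would have to rescan its interfaces.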