Hi all.
I am working on the imagectn DICOM image archive
application. imagectn opens a port and waits for
remote applications to connect to this address.
The dedicated port number is 104 (see /etc/services)
but any user should be allowed to run a private
imagectn process on unprivileged ports.
For obvious reasons, it would also make a lot of sense
to have imagectn optionally invoked as a daemon
process at boot time by an init.d script (controlled
by debconf).
For port 104, we would need it to be run with root privileges,
which may be potentially disastrous if it screws up for some
reason. Upstream has suggested installing it suid root (owner
root, mode 4755) as it drops its effective uid anyway once it
has opened the socket.
However, suid root would allow any user to bind arbitrary
privileged ports, which is probably not desirable. Here is
the stripped down part of the code:
...
/* if port is privileged we must be as well */
if (opt_port < 1024) {
    if (geteuid() != 0) {
        ... spit out error message and return ...
    }
}
... open port ...
setuid(getuid());
...
Most services (apache, for example) follow a different approach:
They have to be run by root initially, and drop privileges as
soon as they have finished binding their privileged ports. However,
this is obviously not the way imagectn is supposed to work.
What would be the most appropriate way to cope with this problem
in Debian?
TIA.
Juergen
--
GPG A997BA7A | 87FC DA31 5F00 C885 0DC3 E28F BD0D 4B33 A997 BA7A
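The "run as root, bind, then drop privileges" pattern the post contrasts with suid root, written out as an added example; this is not imagectn's code and not anything upstream shipped. It assumes a Linux/glibc system, an unprivileged account named "nobody" (overridable on the command line), and binds to loopback only. The points it adds to the post's snippet are the ones that matter for a daemon: the bind happens before any privileges are given up, supplementary groups and the gid are dropped before the uid (the other order cannot work, since a non-root process may not call setgroups()), every call's return value is checked, and the drop is verified to be permanent by confirming that root cannot be regained.

```c
#define _DEFAULT_SOURCE 1
/* Added example: bind a (possibly privileged) port as root, then drop
 * root permanently. Not imagectn's code; the account name is an assumption. */
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define PRIVILEGED_PORT_LIMIT 1024   /* ports below this need root (or CAP_NET_BIND_SERVICE) */

/* The same test the post's snippet performs. */
int port_requires_root(int port)
{
    return port < PRIVILEGED_PORT_LIMIT;
}

/* Create, bind and listen on a TCP socket while still privileged.
 * Returns the listening fd, or -1 with errno set. */
int open_listener(int port)
{
    struct sockaddr_in addr;
    int one = 1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* loopback only for this demo */
    addr.sin_port = htons((unsigned short)port);     /* port 0 = let the kernel pick */
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(fd, 5) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Self-check helper: can we open an ephemeral listener at all? */
int listener_works(void)
{
    int fd = open_listener(0);
    if (fd < 0)
        return 0;
    close(fd);
    return 1;
}

/* Give up root for good: supplementary groups first, then gid, then uid,
 * then verify. Order matters: once the uid is dropped, setgroups() and
 * setgid() would fail. Returns 0 on success, -1 on failure (errno set). */
int drop_privileges_to(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) < 0)   /* only root may clear groups */
        return -1;
    if (setgid(gid) < 0)
        return -1;
    if (setuid(uid) < 0)   /* as root this sets real, effective and saved uid */
        return -1;
    /* All three ids must now be the target; a partial drop is a failure. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    /* If we left root, getting it back must be impossible. */
    if (uid != 0 && setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    int port = argc > 1 ? atoi(argv[1]) : 104;           /* 104: DICOM port from /etc/services */
    const char *user = argc > 2 ? argv[2] : "nobody";    /* assumed unprivileged account */
    uid_t uid = getuid();
    gid_t gid = getgid();
    int fd;

    if (port_requires_root(port) && geteuid() != 0) {
        fprintf(stderr, "port %d needs root to bind\n", port);
        return 1;
    }
    fd = open_listener(port);   /* bind BEFORE dropping anything */
    if (fd < 0) {
        perror("open_listener");
        return 1;
    }
    if (geteuid() == 0) {       /* only root has something to drop */
        struct passwd *pw = getpwnam(user);
        if (pw == NULL) {
            fprintf(stderr, "no such user: %s\n", user);
            return 1;
        }
        uid = pw->pw_uid;
        gid = pw->pw_gid;
    }
    if (drop_privileges_to(uid, gid) < 0) {
        perror("drop_privileges_to");
        return 1;               /* never keep serving with root still reachable */
    }
    printf("listening on port %d as uid %d, gid %d\n", port, (int)geteuid(), (int)getegid());
    close(fd);
    return 0;
}
```

Run as root with `./drop_demo 104` to see the privileged bind followed by the drop to "nobody"; as an ordinary user `./drop_demo 11112` binds an unprivileged port and keeps the caller's own ids. The refusal to continue when the drop fails is the part a suid-root design tends to skip: the post's snippet calls setuid(getuid()) without checking it, and an unchecked setuid() that fails leaves the daemon running as root.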