[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Privileged Port Puzzle

Hi all.

I am working on the imagectn DICOM image archive
application. imagectn opens a port and waits for 
remote applications to connect to this address. 
The dedicated port number is 104 (see /etc/services)
but any user should be allowed to run a private 
imagectn process on unprivileged ports.

For obvious reasons, it would also make a lot of sense 
to have imagectn optionally invoked as a daemon 
process at boot time by an init.d script (controlled 
by debconf).
For port 104, we would need it to be run with root privileges,
which may be potentially disasterous if it screws up for some
reason. Upstream has suggested to install it suid root (owner
root, mode 4755) as it drops its effective uid anyway once it 
has opened the socket.
However, suid root would allow any user to bind arbitrary
privileged ports, which is probably not desireable. Here is 
the stripped down part of the code: 

    /* if port is privileged we must be as well */
    if (opt_port < 1024) {
        if (geteuid() != 0) {
        ... spit out error message and return ...
    ... open port ...	

Most services (like apache, e.g.) follow a different approach:
They have to be run by root initially, and drop privileges as 
soon as they have done binding their privileged ports. However, 
this is obviously not the way imagectn is supposed to work. 

What would be the most appropriate way to cope with this problem
in Debian?



GPG A997BA7A | 87FC DA31 5F00 C885 0DC3  E28F BD0D 4B33 A997 BA7A

Attachment: pgpCTfkvPcR7Z.pgp
Description: PGP signature

Reply to: