[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: socket-based activation has unmaintainable security?

On Thu, 7 Feb 2013, Thomas Goirand <zigo@debian.org> wrote:
> > I think he's referring to allowing processes which require listening to a
> > port under 1024 to run without superuser privileges. I believe our
> > implementation on Debian (e.g. Apache) is to have the process start as
> > root, start listening, and then setuid to an unprivileged user.
> Which would be the wrong way of doing things / wrong reason
> for using root as running user, since you can set the
> CAP_NET_BIND_SERVICE capability... (man capabilities ...)

Such capabilities allow the process to bind to all low ports, which usually 
isn't what you desire.  If you want to permit a daemon to bind to exactly one 
reserved port and no others then it seems that the options are systemd (if the 
daemon supports socket based activation) and SE Linux.

My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/

Reply to: