Re: socket-based activation has unmaintainable security?
On Thu, 7 Feb 2013, Thomas Goirand <zigo@debian.org> wrote:
> > I think he's referring to allowing processes which require listening to a
> > port under 1024 to run without superuser privileges. I believe our
> > implementation on Debian (e.g. Apache) is to have the process start as
> > root, start listening, and then setuid to an unprivileged user.
>
> Which would be the wrong way of doing things / wrong reason
> for using root as running user, since you can set the
> CAP_NET_BIND_SERVICE capability... (man capabilities ...)
Such capabilities allow the process to bind to all low ports, which usually
isn't what you desire. If you want to permit a daemon to bind to exactly one
reserved port and no others then it seems that the options are systemd (if the
daemon supports socket-based activation) and SE Linux.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
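As an added illustration of the systemd option described above (example code, not part of the original thread or of systemd), this is the daemon side of socket activation: systemd binds the single reserved port as root and passes the listening socket as fd 3, so the service itself runs unprivileged and holds no CAP_NET_BIND_SERVICE. The unit names, paths and port are assumptions.

```python
"""Added example (not from the original post): a daemon taking a pre-bound
low port from systemd instead of holding CAP_NET_BIND_SERVICE.
Assumed, hypothetical units: example.socket with ListenStream=0.0.0.0:80 and
WantedBy=sockets.target; example.service with ExecStart=/usr/bin/example-daemon
and User=nobody. systemd (as root) binds exactly port 80 and passes the
listening socket as fd 3; the daemon runs unprivileged and can bind no other
reserved port.
"""
import os
import socket

SD_LISTEN_FDS_START = 3  # first inherited fd, per sd_listen_fds(3)

def listen_fds(environ=None, pid=None):
    """Return fds passed by socket activation, or [] if not activated.
    sd_listen_fds(3) contract: LISTEN_PID must equal our own pid (so a count
    meant for a parent is not applied to a child) and LISTEN_FDS says how
    many consecutive fds start at 3.
    """
    env = os.environ if environ is None else environ
    pid = os.getpid() if pid is None else pid
    try:
        if int(env.get("LISTEN_PID", "")) != pid:
            return []
        count = int(env.get("LISTEN_FDS", "0"))
    except ValueError:
        return []
    return list(range(SD_LISTEN_FDS_START, SD_LISTEN_FDS_START + count))

def adopt_listener(fd):
    """Wrap an inherited fd and check it really is a listening socket."""
    sock = socket.socket(fileno=fd)  # family/type are read from the fd
    if sock.getsockopt(socket.SOL_SOCKET, socket.SO_ACCEPTCONN) != 1:
        sock.close()
        raise RuntimeError("fd %d is not a listening socket" % fd)
    return sock

def serve(sock):
    """Minimal accept loop: answer each client with a fixed line."""
    while True:
        conn, _ = sock.accept()
        with conn:
            conn.sendall(b"hello from an unprivileged daemon\n")

if __name__ == "__main__":
    fds = listen_fds()
    # Not socket-activated: fall back to an unprivileged port we can bind.
    sock = adopt_listener(fds[0]) if fds else socket.create_server(("127.0.0.1", 8080))
    serve(sock)
```

The LISTEN_PID check matters because a forked child inherits the environment but not the intent; without it a helper process could mistake its own fd 3 for the service socket.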