
Re: Got root?



Perhaps I'm misunderstanding your proposition, but how is this different
than, say, having inetd listen on ports below 1024, and then
forking/changing to a different user once a connection is made to the port?


[root@incandescent drive2]# echo "finger stream tcp nowait nobody /usr/bin/id" >> /etc/inetd.conf
[root@incandescent drive2]# killall -HUP inetd
[root@incandescent drive2]# nc localhost finger
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
[root@incandescent drive2]#  

On Sun, Apr 29, 2001 at 07:19:06AM -0400, Sunny Dubey wrote:
<snip>
> 
> It would be like having a file called /etc/acl.ports (or something) and 
> within the file, would be a list which binaries are allowed to bind to what 
> ports.  (an example is provided below)
> 
> # /etc/acl.ports
> # Port Numbers               binary
> 80      /usr/local/apache/bin/httpd
> 22          /usr/local/openssh/sshd
> 21         /usr/local/anonftpd/ftpd
> 
> This way, not only would root have control over all ports below 1024, but the 
> daemons themselves don't need to be running as root.  (I also think that it 
> would be very odd for a daemon _needing_ root access to run in the first 
> place ...)
> 
> Thanks for hearing me out.  I could be very wrong on all of this.  (Sorry if 
> I am)  I would just like to know why this hasn't been implemented in UNIX.  
> (Actually, I did once hear about some patch to the Linux kernel that did 
> something similar, but I have yet to find the patch)
> 
> Sunny Dubey
> <insert funny-witty comment here>
> 
> 
> --  
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 

-- 
"... being a Linux user is sort of like living in a house inhabited
by a large family of carpenters and architects. Every morning when
you wake up, the house is a little different. Maybe there is a new
turret, or some walls have moved. Or perhaps someone has temporarily
removed the floor under your bed." - Unix for Dummies, 2nd Edition
        -- found in the .sig of Rob Riggs, rriggs@tesser.com


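The inetd pattern described in the reply (bind a port below 1024 as root, then switch to an unprivileged user before touching client data), as an added example in C that is not from the original mail. It assumes Linux semantics for setuid() when running as root, the finger port 79 from the transcript, and that a user named nobody exists.

```c
/* Added example, not from the original mail: bind a privileged port as root,
 * then permanently drop to an unprivileged user. Port 79 and the user
 * "nobody" are assumed values taken from the inetd transcript above. */
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind and listen on a TCP port; below 1024 this needs root (or CAP_NET_BIND_SERVICE). */
int bind_listener(unsigned short port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port),
                              .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Irrevocably drop to uid/gid. Order matters: supplementary groups and gid first
 * (they still need root), uid last. On Linux setuid() called with euid 0 changes
 * the real, effective and saved uid, so root cannot be regained afterwards. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) < 0) return -1;  /* clear root's groups */
    if (setgid(gid) < 0) return -1;
    if (setuid(uid) < 0) return -1;
    return 0;
}

/* Verify the drop: all ids match and, for a non-root target, root cannot be regained
 * (catches the classic mistake of using seteuid(), which leaves the saved uid at 0). */
int privileges_dropped(uid_t uid, gid_t gid) {
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid) return 0;
    if (uid != 0 && setuid(0) == 0) return 0;  /* saved uid was still 0: drop incomplete */
    return 1;
}

int main(void) {
    int fd = bind_listener(79);                /* finger, as in the inetd transcript */
    if (fd < 0) { perror("bind_listener"); return 1; }
    struct passwd *pw = getpwnam("nobody");    /* assumed to exist */
    if (!pw || drop_privileges(pw->pw_uid, pw->pw_gid) < 0) { perror("drop_privileges"); return 1; }
    if (!privileges_dropped(pw->pw_uid, pw->pw_gid)) { fputs("still privileged\n", stderr); return 1; }
    printf("listening on 79 as uid=%u gid=%u\n", (unsigned)getuid(), (unsigned)getgid());
    /* accept() and serve clients here; the bound socket stays usable after the drop */
    close(fd);
    return 0;
}
```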
