Re: Got root?
Andres Salomon <firstname.lastname@example.org> writes:
> Perhaps I'm misunderstanding your proposition, but how is this different
> than, say, having inetd listen on ports below 1024, and then
> forking/changing to a different user once a connection is made to the
The current method you describe was vulnerable to bugs concerning setuid(),
as per the 2.2.15->16 bug found by sendmail - having come from root and
called setuid() to become someone else, it was still possible to return to
being root, at which point you have a root daemon running on a port: Bad.
If you do it via capabilities in the first place, you never need to have
*been* root in order to bind to the low port.
(This is only half a solution, though: you're preventing them exploiting
root by changing to use capabilities; what if they're out to exploit
capabilities instead of merely `get root'? Still, it'd buy us some time...)
Newton and Adam, lost and found, |email@example.com
The apple must fall to the ground |http://spodzone.org.uk/
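
An added example, not part of the original post: a small audit of the two situations described above, reading the text of /proc/<pid>/status to tell a daemon that dropped from root but can still return to it from one that only holds the low-port capability. It assumes the `Uid:` and `CapPrm:` lines of a current Linux /proc; the function names and sample status texts are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CAP_SETUID_BIT            7  /* CAP_SETUID in <linux/capability.h> */
#define CAP_NET_BIND_SERVICE_BIT 10  /* CAP_NET_BIND_SERVICE */

enum { RUNS_AS_ROOT = 1, CAN_REGAIN_ROOT = 2, EXTRA_CAPS = 4, PARSE_ERROR = 8 };

/* Find a line starting with key; return a pointer just past the key. */
static const char *field(const char *text, const char *key) {
    size_t n = strlen(key);
    for (const char *p = text; p; p = strchr(p, '\n'), p = p ? p + 1 : NULL)
        if (strncmp(p, key, n) == 0) return p + n;
    return NULL;
}

/* Audit the text of /proc/<pid>/status; returns a bitmask of findings. */
int audit_status(const char *status) {
    unsigned ruid, euid, suid, fsuid;
    unsigned long long prm;
    const char *u = field(status, "Uid:"), *c = field(status, "CapPrm:");
    if (!u || !c || sscanf(u, "%u %u %u %u", &ruid, &euid, &suid, &fsuid) != 4
           || sscanf(c, "%llx", &prm) != 1)
        return PARSE_ERROR;
    int findings = 0;
    if (euid == 0) findings |= RUNS_AS_ROOT;
    /* A non-root euid with real or saved uid 0 may switch back to uid 0;
       CAP_SETUID allows switching to any uid, including 0. */
    if (euid != 0 && (ruid == 0 || suid == 0)) findings |= CAN_REGAIN_ROOT;
    if (prm & (1ULL << CAP_SETUID_BIT)) findings |= CAN_REGAIN_ROOT;
    if (prm & ~(1ULL << CAP_NET_BIND_SERVICE_BIT)) findings |= EXTRA_CAPS;
    return findings;
}

/* Constructed samples, not captured from a real system. */
static const char HALF_DROPPED[] =  /* was root, saved uid is still 0 */
    "Name:\tdaemon\nUid:\t1000\t1000\t0\t1000\nCapPrm:\t0000000000000000\n";
static const char CAP_ONLY[] =      /* never root, holds only the bind capability */
    "Name:\tdaemon\nUid:\t1000\t1000\t1000\t1000\nCapPrm:\t0000000000000400\n";
static const char ROOT_DAEMON[] =   /* plain root daemon with a full capability set */
    "Name:\tdaemon\nUid:\t0\t0\t0\t0\nCapPrm:\t000001ffffffffff\n";

int main(void) {
    printf("half-dropped=%d cap-only=%d root=%d\n", audit_status(HALF_DROPPED),
           audit_status(CAP_ONLY), audit_status(ROOT_DAEMON));
    return 0;
}
```

A result of 0 means the process holds nothing beyond CAP_NET_BIND_SERVICE and has no uid 0 left to return to; any other capability it holds shows up as EXTRA_CAPS.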