[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Got root?

Andres Salomon <dilinger@mp3revolution.net> writes:

> Perhaps I'm misunderstanding your proposition, but how is this different
> than, say, having inetd listen on ports below 1024, and then
> forking/changing to a different user once a connection is made to the
> port?

The current method you describe was vulnerable to bugs concerning setuid(),
as per the 2.2.15->16 bug found by sendmail - having come from root and
called stuid() to become someone else, it was still possible to return to
being root, at which point you have a root daemon running on a port: Bad.

If you do it via capabilities in the first place, you never need to have
*been* root in order to bind to the low port.

(This is only half a solution, though: you're preventing them exploiting
root by changing to use capabilities; what if they're out to exploit
capabilities instead of merely `get root'? Still, it'd buy us some time...)

Newton and Adam, lost and found,            |piglet@stirfried.vegetable.org.uk
The apple must fall to the ground           |http://spodzone.org.uk/

Reply to: