Re: Got root?

To: debian-security@lists.debian.org
Subject: Re: Got root?
From: Adam Olsen <adamolsen@technologist.com>
Date: Wed, 2 May 2001 02:53:29 +0000
Message-id: <20010502025329.A31679@rhamphoryncus.dyndns.org>
In-reply-to: <20010501001130.17393.qmail@alongtheway.com>; from jamesb-debian@alongtheway.com on Tue, May 01, 2001 at 12:11:30AM +0000
References: <01042907190600.00703@kiwi> <20010501001130.17393.qmail@alongtheway.com>

On Tue, May 01, 2001 at 12:11:30AM +0000, Jim Breton wrote:
> On Sun, Apr 29, 2001 at 07:19:06AM -0400, Sunny Dubey wrote:
> > I know that UNIX does it so that normal users can't seem like legit and 
> > important services, but there surely must be some better way of delegating a 
> > port below 1024 to a deamon.
> 
> If you have a need to do this now and don't want to play with kernel
> caps then you might try the "authbind" package.  I have used it before
> and it works!
> 
> Package: authbind
> Description: Allows non-root programs to bind() to low ports
>  This package allows a package to be started as non-root but
>  still bind to low ports, without any changes to the application.

Since there IS a way to do what he wanted, what would it take to make
it used by default?  I'm sure everybody running BIND would feel alot
safer if it never ran as root, and such a practice would probably earn
Debian as a whole a few points for security.

And if spontaneously making authbind required for various packages
doesn't appeal, it could be done with making it only used if it
exists, and just put it in a Recomends line.

-- 
Adam Olsen, aka Rhamphoryncus

Reply to:

Follow-Ups:
- Re: Got root?
  - From: Ethan Benson <erbenson@alaska.net>

Prev by Date: Re: Got root?
Next by Date: Re: Got root?
Previous by thread: Re: Got root?
Next by thread: Re: Got root?
Index(es):
- Date
- Thread