|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Privileged port binding
From: Andrey Savochkin (saw
saw.sw.com.sg)Date: Fri Jul 28 2000 - 01:13:45 CDT
- Next message: Can Erkin Acar: "Re: Irreversable Encryption"
- Previous message: Andrey Savochkin: "Re: Privileged port binding"
- In reply to: Joseph S. Myers: "Re: [code] Privileged port binding"
- Next in thread: Xie Huagang: "Re: Privileged port binding"
- Reply: Andrey Savochkin: "Re: Privileged port binding"
- Reply: Xie Huagang: "Re: Privileged port binding"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, Jul 27, 2000 at 01:56:51PM +0100, Joseph S. Myers wrote:
> On Thu, 27 Jul 2000, Andrey Savochkin wrote:
>
> > A long time ago I wrote some code allowing some programs to use privileged
> > ports without giving them full root (or even full CAP_NET_BIND_SERVICE)
> > rights. Bind() is performed by a special daemon which allows port use basing
> > on process credentials (uid/gid) and the bound socket is passed via UNIX
> > socket.
>
> How do the facilities this provides compare to those provided by Ian
> Jackson's authbind (as distributed in Debian)?
Well, I've looked at authbind code (version 1.1.5.1).
Authbind gives unprivileged programs the ability to use low port by the help
of a setuid-root binary, whereas bindd has the daemon listening on UNIX
domain socket.
The granularity of the access control is about the same, but implemented in a
different way. authbind may check access permissions to a special file,
whereas bindd implements straight match of address/port/uid/gid against its
configuration file.
The summary:
1. authbind utilizes a setuid-root helper binary. It may be considered as a
security drawback because there are more ways for a malicious user to
affect operations in helper binary architecture than in the architecture
with daemon accepting requests via socket. I feel strong natural
resistance against placing a setuid-root binary into a chroot environment
especially created to run untrustworthy code.
2. Invoking a helper binary from the new bind(3) code may have undesired
side-effects if the application uses SIGCHLD for its own needs.
It's a drawback of autbind approach.
3. authbind code is less in size, which may be considered as a security
advantage.
4. bindd provides logging of attempts to use its service, which may be
considered as a security advantage.
So, I prefer bindd, however, I'm certainly biased :-)
Best regards
Andrey
- Next message: Can Erkin Acar: "Re: Irreversable Encryption"
- Previous message: Andrey Savochkin: "Re: Privileged port binding"
- In reply to: Joseph S. Myers: "Re: [code] Privileged port binding"
- Next in thread: Xie Huagang: "Re: Privileged port binding"
- Reply: Andrey Savochkin: "Re: Privileged port binding"
- Reply: Xie Huagang: "Re: Privileged port binding"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]