Andres Salomon <[EMAIL PROTECTED]> writes:

> Perhaps I'm misunderstanding your proposition, but how is this different
> than, say, having inetd listen on ports below 1024, and then
> forking/changing to a different user once a connection is made to the
> port?
The current method you describe was vulnerable to bugs concerning
setuid(), as per the 2.2.15->16 bug found by sendmail - having come from
root and called setuid() to become someone else, it was still possible to
return to being root, at which point you have a root daemon running on a
port: Bad.

If you do it via capabilities in the first place, you never need to have
*been* root in order to bind to the low port.

(This is only half a solution, though: you're preventing them exploiting
root by changing to use capabilities; what if they're out to exploit
capabilities instead of merely `get root'? Still, it'd buy us some
time...)

~Tim
-- 
Newton and Adam, lost and found,   |[EMAIL PROTECTED]
The apple must fall to the ground  |http://spodzone.org.uk/
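
An added example, not part of the original message: a C check that reads the text of a Linux /proc/<pid>/status file and reports whether a daemon that has "dropped" root could still get it back (a UID slot still 0, or CAP_SETUID still permitted), and whether it can bind low ports through CAP_NET_BIND_SERVICE alone. The function name, verdict names and the three sample inputs are constructed for illustration; the bit numbers are those of CAP_SETUID and CAP_NET_BIND_SERVICE in linux/capability.h.

```c
#include <stdio.h>
#include <string.h>

#define CAP_SETUID_BIT            7   /* CAP_SETUID in linux/capability.h */
#define CAP_NET_BIND_SERVICE_BIT 10   /* CAP_NET_BIND_SERVICE */
enum { DROP_OK = 0, CAN_REGAIN_ROOT = 1, PARSE_ERROR = -1 };

/* Constructed samples, not captured from a real system. */
static const char SAVED_ROOT[] =      /* setuid()-style drop that left saved UID 0 */
    "Name:\tdaemon\nUid:\t1000\t1000\t0\t1000\n"
    "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n";
static const char CAP_ONLY[] =        /* non-root, holds only the bind capability */
    "Name:\tdaemon\nUid:\t1000\t1000\t1000\t1000\n"
    "CapPrm:\t0000000000000400\nCapEff:\t0000000000000400\n";
static const char CAP_SETUID_LEFT[] = /* non-root UIDs, but CAP_SETUID still permitted */
    "Name:\tdaemon\nUid:\t1000\t1000\t1000\t1000\n"
    "CapPrm:\t0000000000000480\nCapEff:\t0000000000000400\n";

/* status: full text of /proc/<pid>/status. Uid fields are real, effective, saved, fs. */
int audit_status(const char *status, int *can_bind_low)
{
    unsigned ruid, euid, suid, fsuid;
    unsigned long long prm, eff;
    const char *u = strstr(status, "\nUid:");
    const char *p = strstr(status, "\nCapPrm:");
    const char *e = strstr(status, "\nCapEff:");

    if (!u || !p || !e) return PARSE_ERROR;
    if (sscanf(u, "\nUid: %u %u %u %u", &ruid, &euid, &suid, &fsuid) != 4 ||
        sscanf(p, "\nCapPrm: %llx", &prm) != 1 ||
        sscanf(e, "\nCapEff: %llx", &eff) != 1)
        return PARSE_ERROR;

    *can_bind_low = (int)((eff >> CAP_NET_BIND_SERVICE_BIT) & 1);
    /* Any UID slot still 0, or CAP_SETUID still permitted, leaves a path back to root. */
    if (ruid == 0 || euid == 0 || suid == 0 || fsuid == 0) return CAN_REGAIN_ROOT;
    if ((prm >> CAP_SETUID_BIT) & 1) return CAN_REGAIN_ROOT;
    return DROP_OK;
}

int main(void)
{
    const char *in[] = { SAVED_ROOT, CAP_ONLY, CAP_SETUID_LEFT };
    for (int i = 0; i < 3; i++) {
        int bind = 0, v = audit_status(in[i], &bind);
        printf("sample %d: verdict=%d can_bind_low=%d\n", i, v, bind);
    }
    return 0;
}
```

To audit a live daemon, pass the contents of its /proc/<pid>/status file to audit_status() in place of the constructed samples.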

