On Feb 26, 2008, at 6:37 PM, Andrew Lentvorski wrote:

> Sigh.
>
> So, when is Linux going to finally drop the stupid requirement that you need to be *root* to bind to a port less than 1024?
>
> Without that requirement, pretty much every root compromise disappears.

I'm not sure how that has anything to do with it, as all apps these days will start as root, grab the port they need, and then give up their root privileges and continue to run as an unprivileged user. Apache, BIND, Postfix, the list goes on and on. There are exceptions such as Samba, but those are apps that need their root privileges to do other system operations that aren't just port binding.

Nonetheless, the exploit in Tracy's article showed where a bad web script would have let an executable onto the system that was owned by the Apache user. The only way that could turn into a root exploit would be through a local root exploit in the kernel, such as the one that was found a couple weeks ago.

--
Joshua Penix                                http://www.binarytribe.com
Binary Tribe           Linux Integration Services & Network Consulting


--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
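
The start-as-root, bind, then drop-privileges sequence described in the reply above, sketched in C as an added example (not part of the original thread and not taken from Apache, BIND or Postfix). Port 80 and the uid/gid 65534 ("nobody" on many Linux systems) are assumptions.

```c
#define _DEFAULT_SOURCE            /* exposes setgroups() in glibc's <grp.h> */
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind and listen on a TCP port; ports below 1024 normally require root. */
int bind_listener(unsigned short port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0), on = 1;
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    struct sockaddr_in a;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_ANY);
    a.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permanently switch to uid/gid. Order matters: supplementary groups and gid
 * must be changed while still privileged; uid goes last. Returns 0 or -1. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (uid == 0 || gid == 0) return -1;        /* that would not be a drop */
    if (setgroups(0, NULL) != 0) return -1;     /* clear inherited root groups */
    if (setgid(gid) != 0) return -1;            /* as root: real, effective, saved */
    if (setuid(uid) != 0) return -1;            /* as root: real, effective, saved */
    if (setuid(0) == 0 || setgid(0) == 0) return -1;   /* must not be reversible */
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    return 0;
}

int main(void) {
    int fd = bind_listener(80);                 /* assumed port; needs root */
    if (fd < 0) { perror("bind"); return 1; }
    if (drop_privileges(65534, 65534) != 0) {   /* assumed "nobody" ids */
        fprintf(stderr, "privilege drop failed, refusing to serve\n");
        return 1;
    }
    printf("listening on fd %d as uid %d\n", fd, (int)getuid());
    return 0;                                   /* accept() loop would run here */
}
```

The socket stays usable after the drop because the privilege check happens at bind() time, not on later accept() calls.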
