On Wed, 18 Aug 1999, Gerd wrote:
> Hessu wrote:
> > As a small security measure which might save us from a part of the risk
> > of buffer overflows, listen could 1) open the raw socket, 2) check if
> > real uid != 0 and effective uid == 0 then set euid = real uid; since being
> > root is only required in listen for opening the socket, right?
>
> Really? Only for opening? Not for data interchange? Then things
> would be a lot easier I think.
> But finally: How about closing the socket connection?
Yup. It's the same as for listening on ports < 1024, you need to be root
to be able to bind them, after that you can switch to a non-privileged
UID. Web servers running on port 80 serve as a good example. httpd does
that too.
(for further details, see man pages for system calls getuid, setuid,
seteuid/setreuid)
Closing is a matter of closing the file/socket, no problem. All of them
are closed and freed when the process dies, too. All of this is pretty
fundamental Unix featurism. The security checks for files (and sockets for
that matter) are only done when opening the file. That's fine, since you
need to open the file to be able to do any I/O on it. And on Unix,
everything is generally represented by files.
(If you are really interested in this, take a good look at the book
UNIX Network Programming by W. Richard Stevens, Prentice Hall - the 1990
edition is just fine. And Advanced Programming in the UNIX Environment,
published by Addison-Wesley, is good reading too.)
- Hessu
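The sequence discussed above (open the privileged socket while root, then give up root before doing anything else), as an added example in C that is not part of this thread or of the listen program. It assumes a setuid-root binary started by an ordinary user; unlike the seteuid suggestion in the quoted text, it drops privileges permanently with setuid so the saved uid cannot be used to regain root, and it verifies the drop took effect.

```c
/* Added example, not from the thread: open a privileged listener first,
 * then drop root permanently to the invoking user's real uid/gid. */
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Bind a TCP listener on loopback; ports < 1024 need euid 0. Returns fd or -1. */
int open_privileged_listener(unsigned short port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 8) < 0) {
        close(fd);
        return -1;
    }
    return fd;   /* the open socket stays usable after privileges are dropped */
}

/* Permanently drop root. Returns 0 when dropped or when there was nothing
 * to drop, -1 when the drop failed or root could still be regained. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (geteuid() != 0) return 0;   /* not running with root privileges */
    if (ruid == 0) return 0;        /* started by root itself: nothing to fall back to */
    /* Order matters: supplementary groups, then gid, then uid (uid last). */
    if (setgroups(0, NULL) < 0) return -1;
    if (setgid(rgid) < 0) return -1;
    if (setuid(ruid) < 0) return -1;   /* setuid, not seteuid: saved uid is dropped too */
    if (setuid(0) == 0 || geteuid() != ruid) return -1;   /* must not be able to go back */
    return 0;
}

int main(void)
{
    int fd = open_privileged_listener(80);   /* needs root; fails harmlessly otherwise */
    if (fd < 0) perror("open_privileged_listener");
    if (drop_privileges() < 0) { perror("drop_privileges"); return 1; }
    printf("listener fd=%d, now running as uid %u\n", fd, (unsigned)getuid());
    if (fd >= 0) close(fd);
    return 0;
}
```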