From: [EMAIL PROTECTED] (Stefan Stapelberg)
Subject: Re: Unix security concerns.

On Oct 16,  4:28, RealForum Digest wrote:
 > Date: Fri, 15 Oct 1999 15:04:57 -0700
 > From: RealForum <[EMAIL PROTECTED]>
 > Subject: Unix security concerns.
 >
 > From: [EMAIL PROTECTED]
 > Subject: Unix security concerns.
 >
 > Help.
 >
 > I have been contracted to install the free server on a FreeBSD server
 > which I administer with the intention of purchasing one of the commercial
 > servers once the proof of concept is developed.
 >
 > Since the streaming occurs on a privileged port I had to install this as
 > root. The server DOES NOT suid to a less privileged user after binding
 > to the ports but rather runs around reading and writing files as root.
 >-- End of excerpt from RealForum Digest


Hi,

when installing a server, I do the following: I create a user/group ID for
ownership of all server files (for example: 'realmedia'). Next, I create a
user/group ID for the ownership of the server process ('realsrv'). In the
rmserver.cfg, I set the variables

         <Var User="%40000"/>
         <Var Group="%40000"/>

to the numerical ID of the 'realsrv' user (specifying the symbolic UID
probably also works, never tried that). Then I change ownership of all
static files to 'realmedia' and ownership of all variable files to
'realsrv' (important for the logfiles like adm_b_db/logs, enc_r_db/logs
and the logfiles in the 'Logs' subdirectory, which need write permission
for the server process).

Depending on whether you want to use the graphical admin interface (I don't
use it at all), you have to change ownership of the files affected by the
admin UI also to the server user ('realsrv'). This would be at least the
config file ('rmserver.cfg') and the password files under adm_b_db / enc_r_db.
Note that in this case the server does not create a backup file when modifying
the rmserver.cfg this way; for creating a backup file it would also need write
permission on the whole server directory which should be avoided if possible.

After starting the server as root, it binds to the privileged ports and then
changes process ownership to the user defined in the User variable. However,
it does not change the process group ID - probably because setgid() is called
AFTER setuid() :-} leaving still a potential security hole, although a less
dangerous one (they really should hire a Unix guru for porting their servers
to these platforms ;-) The error message in G2 after start of the server is:

         E: Couldn't set group to %40000

(similar to the one appearing in Real 3.0, 4.0 and 5.0 servers) but the
process ownership is changed successfully.

Hope this helps.

Best regards,
Stefan


--
Stefan Stapelberg         Fon: +49.6221.803.802      RENT-A-GURU (TM)
<[EMAIL PROTECTED]>   Fax: +49.6221.803.899      Neuer Weg 16
http://www.netstore.de/   RAG3-RIPE                  D-69118 Heidelberg
         ** Microsoft spel chekar vor sail, worgs grate!! **

*******************************************************
The RealForum is an email discussion group focused on using RealNetworks
products. The RealForum is a place to post messages about the best methods
for creating content using RealNetworks technologies and the planning and
implementation of streaming-media web sites.
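
The ordering problem described in the message above (setgid() called after setuid()), shown as an added example of a privilege drop done in the working order; this is not RealServer code and not from the original post. The function name `drop_privileges` is hypothetical, and 40000 is the sample ID from the quoted config lines, assumed here to be the numeric uid and gid of 'realsrv'.

```c
#define _DEFAULT_SOURCE          /* glibc: declare setgroups() */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop from root to an unprivileged uid/gid once the privileged ports are
 * bound. Returns 0 on success, or the negated number of the failing step. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* 1. Replace root's supplementary groups while still root. */
    if (setgroups(1, &gid) != 0)
        return -1;
    /* 2. Group before user: after a successful setuid() the process is no
     *    longer root, and setgid() to another group fails with EPERM. */
    if (setgid(gid) != 0)
        return -2;
    /* 3. Called as root, setuid() sets the real, effective and saved uid. */
    if (setuid(uid) != 0)
        return -3;
    /* 4. Check the result instead of trusting the return codes alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -4;
    /* 5. Root must not be recoverable. */
    if (uid != 0 && setuid(0) == 0)
        return -5;
    return 0;
}

int main(void)
{
    /* 40000 is the sample ID from the config lines above (assumption:
     * it is the numeric uid and gid of 'realsrv'). */
    int rc = drop_privileges(40000, 40000);
    if (rc != 0) {
        fprintf(stderr, "privilege drop failed at step %d: %s\n",
                -rc, strerror(errno));
        return 1;   /* refuse to keep serving as root */
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Run as root it ends with every uid and gid set to 40000; run as an ordinary user it stops at step 1 and exits non-zero, since the drop only makes sense when starting from root.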
