From: [EMAIL PROTECTED]
Subject: Re: Unix security concerns.
Stephan,
Thanks. The server setup script did not seem to set these fields up
appropriately ("%-1"). It does indeed seem to suid to the user/group
(works by name just fine). It can't however seem to restart the server
from the administrative interface because once it suids it cant re-bind to
the port :). Though not entirely impressed, I am much more comfortable
having this on the system.
Don.
On Tue, 19 Oct 1999, RealForum wrote:
> Date: Tue, 19 Oct 1999 08:18:44 -0700
> From: RealForum <[EMAIL PROTECTED]>
> Subject: Re: Unix security concerns.
>
> From: [EMAIL PROTECTED] (Stefan Stapelberg)
> Subject: Re: Unix security concerns.
>
> On Oct 16, 4:28, RealForum Digest wrote:
> > Date: Fri, 15 Oct 1999 15:04:57 -0700
> > From: RealForum <[EMAIL PROTECTED]>
> > Subject: Unix security concerns.
> >
> > From: [EMAIL PROTECTED]
> > Subject: Unix security concerns.
> >
> > Help.
> >
> > I have been contracted to install the free server on a FreeBSD server
> > which I administer with the intention of purchasing one of the commercial
> > servers once the proof of concept is developed.
> >
> > Since the streaming occurs on a privilaged port I had to install this as
> > root. The server DOES NOT suid to a less privilaged user after binding
> > to the ports but rather runs around reading and writing files as root.
> >-- End of excerpt from RealForum Digest
>
>
> Hi,
>
> when installing a server, I do the following: I create an user/group ID for
> ownership of all server files (for example: 'realmedia'). Next, I create an
> user/group ID for the ownership of the server process ('realsrv'). In the
> rmserver.cfg, I set the variables
>
> <Var User="%40000"/>
> <Var Group="%40000"/>
>
> to the numerical ID of the 'realsrv' user (specifying the symbolic UID
> probably also works, never tried that). Then I change ownership of all
> static files to 'realmedia' and ownership of all variable files to
> 'realsrv' (important for the logfiles like adm_b_db/logs, enc_r_db/logs
> and the logfiles in the 'Logs' subdirectory, which need write permission
> for the server process).
>
> Depending on whether you want to use the graphical admin interface (I don't
> use it at all), you have to change ownership of the files affected by the
> admin UI also to the server user ('realsrv'). This would be at least the
> config file ('rmserver.cfg') and the password files under adm_b_db /
enc_r_db.
> Note that in this case the server does not create a backup file when
modifying
> the rmserver.cfg this way; for creating a backup file it would also need
write
> permission on the whole server directory which should be avoided if
possible.
>
> After starting the server as root, it binds to the privileged ports and then
> changes process ownership to the user defined in the User variable. However,
> it does not change the process group ID - probably because setgid() is
called
> AFTER setuid() :-} leaving still a potential security hole, although a less
> dangerous one (they really should hire a Unix guru for porting their servers
> to this platforms ;-) The error message in G2 after start of the server is:
>
> E: Couldn't set group to %40000
>
> (similar than the one appearing in Real 3.0, 4.0 and 5.0 servers) but the
> process ownership is changed successfully.
>
> Hope this helps.
>
> Best regards,
> Stefan
*******************************************************
The RealForum is an email discussion group focused on using RealNetworks
products. The RealForum is a place to post messages about the best methods
for creating content using RealNetworks technologies and the planning and
implementation of streaming-media web sites.
If you ever want to remove yourself from this mailing list,
you can send mail to <[EMAIL PROTECTED]> with the following
command in the body of your email message:
unsubscribe realforum
or from another account, besides the address you subscribed with:
unsubscribe realforum <[EMAIL PROTECTED]>
