Bug#427605: ITP: privbind -- Allow unprivileged apps to bind to a privileged port
On Tuesday 05 June 2007 16:52, Shachar Shemesh [EMAIL PROTECTED] wrote: Package: wnpp Severity: wishlist Owner: Shachar Shemesh [EMAIL PROTECTED] What benefits does this offer over authbind which has been in Debian for ages? -- [EMAIL PROTECTED] http://etbe.coker.com.au/ My Blog http://www.coker.com.au/sponsorship.html Sponsoring Free Software development -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#427605: ITP: privbind -- Allow unprivileged apps to bind to a privileged port
Russell Coker wrote: On Tuesday 05 June 2007 16:52, Shachar Shemesh [EMAIL PROTECTED] wrote: Package: wnpp Severity: wishlist Owner: Shachar Shemesh [EMAIL PROTECTED] What benefits does this offer over authbind which has been in Debian for ages? It uses a (I think) much more secure mode of operation. In particular: - No SUID executables - User who launches the daemon must be root - Privileges go down, never up And, as a result: - No global configuration necessary (though one will probably be added later if necessary). Shachar -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#427605: ITP: privbind -- Allow unprivileged apps to bind to a privileged port
On Wednesday 06 June 2007 20:05, Shachar Shemesh [EMAIL PROTECTED] wrote: What benefits does this offer over authbind which has been in Debian for ages? It uses a (I think) much more secure mode of operation. In particular: - No SUID executables - User who launches the daemon must be root Having a daemon instead of a SUID executable does not inherently make it more secure (there has been no shortage of exploits for bugs in daemons in the past). - Privileges go down, never up The usual system is that a process with UID != 0 can not bind to ports below 1024. Breaking this involves increasing the privileges of some programs. And, as a result: - No global configuration necessary (though one will probably be added later if necessary). How can there be no global configuration needed? The sysadmin needs to decide which users are granted the privilege to bind to low ports and which ports those users may bind to. -- [EMAIL PROTECTED] http://etbe.coker.com.au/ My Blog http://www.coker.com.au/sponsorship.html Sponsoring Free Software development -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#427605: ITP: privbind -- Allow unprivileged apps to bind to a privileged port
Russell Coker wrote: On Wednesday 06 June 2007 20:05, Shachar Shemesh [EMAIL PROTECTED] wrote: What benefits does this offer over authbind which has been in Debian for ages? Before I begin answering your questions, the bug report has a link to technical explanation of how privbind is implemented. Have you read it? It uses a (I think) much more secure mode of operation. In particular: - No SUID executables - User who launches the daemon must be root Having a daemon instead of a SUID executable does not inherently make it more secure (there has been no shortage of exploits for bugs in daemons in the past). s/daemon/program that needs low port binding/ privbind does not allow regular users to bind to low ports. Privbind allows root to run program that bind to low port as non-root. The usual system is that a process with UID != 0 can not bind to ports below 1024. Breaking this involves increasing the privileges of some programs. Please read the privbind man page. It does not do what you think it does. And, as a result: - No global configuration necessary (though one will probably be added later if necessary). How can there be no global configuration needed? Please read the privbind man page. It does not do what you think it does. The sysadmin needs to decide which users are granted the privilege to bind to low ports and which ports those users may bind to. Please read the privbind man page. It does not do what you think it does. Shachar -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#427605: ITP: privbind -- Allow unprivileged apps to bind to a privileged port
Package: wnpp Severity: wishlist Owner: Shachar Shemesh [EMAIL PROTECTED] * Package name: privbind Version : 0.2 Upstream Author : Shachar Shemesh [EMAIL PROTECTED] * URL : http://sourceforge.net/projects/privbind * License : GPL Programming Lang: C Description : Allow unprivileged apps to bind to a privileged port This program allows running another program as a non-root user, except the other program will be able to bind to privileged (1024) ports. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-4-686 Locale: LANG=en_US, LC_CTYPE=he_IL (charmap=ISO-8859-8) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#427605: ITP: privbind -- Allow unprivileged apps to bind to a privileged port
also sprach Shachar Shemesh [EMAIL PROTECTED] [2007.06.05.0852 +0200]: This program allows running another program as a non-root user, except the other program will be able to bind to privileged (1024) ports. How? Could you include a short note on how it does this magic in the description please? -- .''`. martin f. krafft [EMAIL PROTECTED] : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian - when you have better things to do than fixing systems signature.asc Description: Digital signature (GPG/PGP)
Bug#427605: ITP: privbind -- Allow unprivileged apps to bind to a privileged port
martin f krafft wrote: How? Could you include a short note on how it does this magic in the description please? I'll do (arguably) better. I'll link to a not so short description at http://privbind.svn.sourceforge.net/viewvc/privbind/trunk/README?view=markup In a nutshell, privbind uses a 100% user space approach that does not rely on SUID executables or on global configs (unlike authbind). Instead, a root process runs privbind, which drops privileges and runs the actual program. Privbind does leave a root process behind, and wraps the program run with a LD_PRELOAD library that intercepts the bind call, and forwards its file descriptor through an open UNIX domain socket to the root process, which carries out the actual bind. Shachar -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
