[prev in list] [next in list] [prev in thread] [next in thread] 

List:       secprog
Subject:    Re: Effective, Real and Group id switching for daemons
From:       lists () notatla ! demon ! co ! uk
Date:       2003-01-25 12:16:06
[Download RAW message or body]


From: "John Hanna" <jhanna@cproject.com>

> One of the important features is to be able to run as non-root after we
> start listening on port 25.

I can think of 2 other options:
    use a high port as non-root with port-forwarding to get SMTP traffic
    bind as non-root to port 25 (simple in open-source *nix)

> First is it important to switch the real uid as well? It might be nice to
> ... but not real-uid I suppose the clever hacker would switch the

Exactly - you need to do that.

> Secondly do I need to give the option to switch effective and real group id
> as well? I suppose root group might be able to do something a hacker
> shouldn't, even after they've lost root euid, right?

A few moments with "man perlvar" should lead you to something like this
which you can test by running it as root.

#!/usr/bin/perl -w

system("id");
$)="500 500";   # set group IDs, appears twice to call setgroups()
$(=500;
system("id");
$>=500;         # set user IDs
$<=500;
system("id");
[prev in list] [next in list] [prev in thread] [next in thread]