Christopher James Coleman
ug97cjc at cs.bham.ac.uk
Sat Mar 6 16:28:51 PST 2004

On Sun, 7 Mar 2004, Jaakko Heusala wrote:
> How about using a kernel patch that allows root to delegate the ability to
> bind to a port lower than 1024 as non-privileged user? Then there would be
> no need to start that software with root-privileges.

Actually the main requirement for root privileges is authentication and
setuid processes under FTP. As you correctly note, the port binding only
occurs during startup but the requirement for user authentication happens
throughout the lifetime of the process. Thus you need a secure
architecture for the transitions -- as implemented in vsftpd, for example.
Many of the MAC patches also allow making arbitrary non-root run
executables able to set uid, so you can continue in the same vein as you
were originally heading.
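
A minimal sketch of the kind of privilege transition the reply describes, added here as an illustration (not code from the post or from vsftpd): a broker process that keeps its privileges checks credentials, while a worker that has permanently dropped them only learns accept or reject over a socketpair. The names `privsep_login`, `drop_privs` and `check_password`, the sample credential and the id 65534 are assumptions made for the example.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed credential; a real broker would consult PAM or the shadow file. */
static int check_password(const char *u, const char *p) {
    return strcmp(u, "alice") == 0 && strcmp(p, "correct horse") == 0;
}

/* Permanent drop: supplementary groups, then gid, then uid, then verify. */
static int drop_privs(uid_t uid, gid_t gid) {
    if (geteuid() == uid && getegid() == gid) return 0; /* unprivileged demo run */
    if (setgroups(0, NULL) || setgid(gid) || setuid(uid)) return -1;
    return setuid(0) == -1 ? 0 : -1;       /* regaining root must fail */
}

/* 1 = accepted, 0 = rejected, -1 = error. wuid/wgid: identity for the worker. */
int privsep_login(const char *user, const char *pass, uid_t wuid, gid_t wgid) {
    int sv[2], status;
    pid_t pid;
    char req[128] = {0}, verdict = 0, *p;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) return -1;
    if ((pid = fork()) == -1) return -1;
    if (pid == 0) {                        /* worker: the part facing the network */
        size_t ul = strlen(user) + 1, pl = strlen(pass) + 1;
        close(sv[0]);
        if (drop_privs(wuid, wgid) != 0 || ul + pl >= sizeof req) _exit(2);
        memcpy(req, user, ul);
        memcpy(req + ul, pass, pl);
        if (write(sv[1], req, ul + pl) != (ssize_t)(ul + pl)) _exit(2);
        _exit(read(sv[1], &verdict, 1) == 1 ? 0 : 2);
    }
    close(sv[1]);                          /* broker: keeps its privileges */
    ssize_t n = read(sv[0], req, sizeof req - 1);   /* untrusted request */
    if (n > 0 && req[n - 1] == '\0' && (p = req + strlen(req) + 1) < req + n)
        verdict = (char)check_password(req, p);     /* both strings lie within n */
    send(sv[0], &verdict, 1, MSG_NOSIGNAL);
    close(sv[0]);
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 0 ? verdict : -1;
}

int main(void) {   /* as root, run the worker as 65534 (assumed "nobody" id) */
    int root = geteuid() == 0;
    return privsep_login("alice", "correct horse", root ? 65534 : geteuid(),
                         root ? 65534 : getegid()) == 1 ? 0 : 1;
}
```

The password never has to be checked in the process that parses client input; only the one-byte verdict crosses the socket back to the worker.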