MOO-cows Mailing List Archive


Re: Fun with FUP and root.



On Wed, 26 Feb 1997, Jeff Dubrule wrote:
> At 4:04 PM -0800 2/26/97, Shadow wrote:
> >
> >
> >	Or (preferred):
> >		1.  Initialize stuff
> >		2.  Create/bind socket
> >		3.  setuid() to appropriate user and never setuid() back
> >                    to root.
> >
> 
> um . . .  I should point out that nothing suggested so far has adequately
> dealt with multiple port listening.  If you wanted more than just the
> startup port to be < 1024 . . .

Cold essentially does as suggested, and more.  You can specify a 'prebind'
option when you run cold which tells it what port/address/protocol
(TCP/UDP) to bind to--and you can specify it multiple times.  Furthermore,
you can also tell it what user/group to setuid to after it binds what it
needs.  Basically running cold as:


    genesis -p x.x.x.x:80 -p y.y.y.y:-30 -p :25 -u cold -g cold

Will prebind (TCP) port '80' on address x.x.x.x, prebind (UDP) port '30'
on address y.y.y.y (negative ports specify udp vs tcp to Cold) and will
prebind all addresses on port 25.  It'll then setuid to the user/group
'cold' and later, when the database calls bind_port() it'll simply use the
prebound ports.  The implementation is simple enough, and since it
setuid's before forking it also clears up any problems where the driver
may be able to setuid back to root (oh yeah--cold always forks off like a
standard daemon, unless you tell it not to).

Pick one of two options:

   1. use cold--it's faster, more powerful and generally better 8)
   2. steal the stuff I did for cold and put it into MOO

() Brandon Gillespie                     http://www.cold.org/~brandon/  ()
() The Cold Project needs your support!  http://www.cold.org/support/   ()

"I loathe people who keep dogs. They are cowards who haven't got the
      guts to bite people themselves."      -- August Strindberg


