[erik@galt.com: Re: Fun with FUP and root.]

Date: Fri, 4 Apr 1997 11:45:13 -0600
From:
"Robert J. Brown" <rj@eli.wariat.org>

------- Start of forwarded message -------
Return-Path: nop@ccs.neu.edu
X-Authentication-Warning: force.galt.com: erik owned process doing -bs
X-Authentication-Warning: force.galt.com: Host localhost didn't use HELO protocol
X-Mailer: exmh version 1.6.2 7/18/95
From: "Erik R. Ogan" <erik@galt.com>
To: Jeni Tennison <jft@psychology.nottingham.ac.uk>
cc: moo-cows@parc.xerox.com
X-url: http://www.galt.com/~erik/
Subject: Re: Fun with FUP and root. 
In-reply-to: Your message of "Wed, 26 Feb 1997 02:42:34 PST."
             <l03020903af39bd41f5d3@[128.243.31.122]> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 26 Feb 1997 07:52:13 PST
Sender: MOO-Cows-Errors@parc.xerox.com
Precedence: bulk
Resent-From: clue-cows <nop@nop.com>
Errors-To: clue-cows <nop@nop.com>

> If you want to have your MOO listening to a port numbered less than 1000
> (or is it 100?), you have to have it running as root.  You might want to do

	On most UN*X-based systems it's ports below 1024.

> this if you want a WWW connected MOO running on the default HTTP port (80),
> or if you want anyone telnetting to the machine to get straight to the MOO
> (port 23).  While the latter is extremely unlikely if not downright stupid,
> the former could well be useful in some cases.

	I don't believe there are too many MOOs running on ports below
	1024, but I'm not really replying to argue why one would want
	to bind a low port number.

	My question is, once the port is bound, is there any reason
	NOT to setuid(some_other_user)? I'd actually suggest adding
	code that checks the (e?)uid of the process after binding the
	port and does a setuid(nobody) (configurable, of course) if
	the server is running as root.

	Of course, it's easy to say that without looking at the source
	to see what it's doing already...

	Just my $.02 (converted to local currency as needed)

- --
Erik R. Ogan                                        Mail with Subject:
Webmaster/Applications Programmer                    "send public key"
GALT Technologies / Intuit, Inc.             Returns my PGP public key
           4E C8 9E AC 2E 79 1E 26  62 4E 40 AA A9 52 98 21
------- End of forwarded message -------

Prev by Subject: [egoff@combase.com: #define LOG_COMMANDS]
Next by Subject: [matthew@post.flexnet.net: Status?]
Next by thread: [nop@nop.com: clue-cows is listening]
Index(es):
- Subject
- Thread

Home | Subject Index | Thread Index