Re: About named port binding

From: Andreas Gietl (a.gietl@e-admin.de)
Date: 01/03/02


From: Andreas Gietl <a.gietl@e-admin.de>
To: "chulmin" <chulmin@etc.co.kr>, <focus-linux@lists.securityfocus.com>
Date: Thu, 3 Jan 2002 18:37:26 +0100

On Thursday 03 January 2002 12:55, chulmin wrote:
> Hello, all.
>
> I know that only the root account can bind a port below 1024,
> and any user except root can bind or use a port above 1024.
> But the named process uses UDP port 53 with the named uid.
> How can that be possible?
> And is it illegal or an exception?

BIND starts as root, binds the port and then does a seteuid. So it changes its
uid during startup.

>
> Thanks in advance.

-- 
e-admin internet gmbh
Andreas Gietl
Roter-Brach-Weg 124a
tel +49 941 3810884
fax +49 941 3810891
mobil +49 171 6070008
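
The startup sequence described in the reply (bind the port as root, then change uid), as an added C example that is not part of the original message and is not BIND's own code. It drops privileges with setgroups/setgid/setuid rather than seteuid, because seteuid leaves the saved uid at root and the switch could be undone; uid/gid 53 is a placeholder assumed here for the named account.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes setgroups() in glibc */
#endif
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket on all interfaces. Ports below 1024 need root
 * (or CAP_NET_BIND_SERVICE on Linux). Returns the fd, or -1. */
int bind_udp(unsigned short port)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permanently become uid/gid. Groups and gid go first: once setuid()
 * has given up root, the process can no longer change them. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) < 0)
        return -1;
    if (setgid(gid) < 0 || setuid(uid) < 0)
        return -1;
    /* Verify: a non-root target must not be able to get uid 0 back. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return (getuid() == uid && geteuid() == uid && getgid() == gid) ? 0 : -1;
}

/* Assumption: uid/gid 53 stands in for the unprivileged "named" account. */
int main(void)
{
    int fd = bind_udp(53);                      /* step 1: still root */
    if (fd < 0 || drop_privileges(53, 53) < 0) { /* step 2: give up root */
        perror("startup");
        return 1;
    }
    printf("udp/53 on fd %d, running as uid %d\n", fd, (int)getuid());
    return 0;
}
```

The socket stays usable after the drop because the privilege check happens at bind() time, not on later reads and writes to the descriptor.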


