Re: sendmail

From: Andrzej Filip (anfi@Box43.pl)
Date: 04/21/03

Next message: Walter Dnes: "Re: Rooted"
Previous message: notbob: "Re: Rooted"
In reply to: Nico Kadel-Garcia: "Re: sendmail"
Next in thread: Nico Kadel-Garcia: "Re: sendmail"
Reply: Nico Kadel-Garcia: "Re: sendmail"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Andrzej Filip <anfi@Box43.pl>
Date: Sun, 20 Apr 2003 23:33:00 +0000

Nico Kadel-Garcia wrote:
> Andrzej Filip wrote:
>> [...]
>> Because the group is named comp.os.LINUX.security we should think how
>> to make linux kernel more "application security" friendly by reducing
>> number of tasks which require root privileges
>> e.g. allowing listening on a port<1024 by non root user
>> [e.g. allowing user "mta" to listen on port smtp (25)]
>>
>
> Umm. I am strongly disinclined to disagree with this particular
> approach. Having a semi-secured port range makes my life a lot easier
> configuring firewalls, and helps prevent users from running SMTP servers
> on systems that don't need to run SMTP at all. What else would you
> propose, in its place?

I do not propose removing all restrictions for <1024 ports.
I suggest making it possible for root to grant "listen" access to specific
port <1024 for specific user e.g.
root# grant-listen --port-number 25 --user-name mta_user
Such grants SHOULD NOT survive reboot

Let's use sendmail as an example.
* it listens on "for root only" port 25 (<1024)
* it closes the socket in high load situation and reopens it later
[it makes passing already open socket useless]

It would be neat to remove (on linux) one of a few reasons sendmail, bind and
other applications require root privileges.

Keep root privileges to yourself, do not give them even for a milisecond to
any application if it can be avoided :-)

-- 
Andrzej [pl>en: Andrew] Adam Filip http://www.polbox.com/a/anfi/
*Random epigram* :
A murder may be forgiven, an affront never.
	-- Chinese Proverb

Next message: Walter Dnes: "Re: Rooted"
Previous message: notbob: "Re: Rooted"
In reply to: Nico Kadel-Garcia: "Re: sendmail"
Next in thread: Nico Kadel-Garcia: "Re: sendmail"
Reply: Nico Kadel-Garcia: "Re: sendmail"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Good security related article
... A HTTP server has to bind to port 80, ... a process can give up root privileges ...
(borland.public.delphi.thirdpartytools.general)
Re: sendmail security (compared to other MTAs)
... to redirect connections to port 25 to port 1025. ... I believe Sendmail can drop root privileges after accepting a connection ... No giving MTA root privileges at all is more secure than making ...
(comp.mail.misc)
Re: sendmail security (compared to other MTAs)
... to redirect connections to port 25 to port 1025. ... I believe Sendmail can drop root privileges after accepting a connection ... So the master listening process still runs as root, ...
(comp.mail.misc)
Re: sendmail security (compared to other MTAs)
... to redirect connections to port 25 to port 1025. ... I believe Sendmail can drop root privileges after accepting a connection ... So the master listening process still runs as root, ...
(comp.mail.misc)