Re: Liberating locked up ports
- Subject: Re: Liberating locked up ports
- From: "Duane Murphy" <email@hidden>
- Date: Mon, 27 Jan 2003 08:41:07 -0800
--- At Mon, 27 Jan 2003 09:46:56 +0100, Bernd Löhr wrote:

> On Friday, 24.01.03 at 15:06, Quinn wrote:
>
>>> Our FTP server is tightly integrated into our communication app and
>>> we cannot make it a separate tool. And we do not want to have the
>>> complete app run as root for security reasons, as well.
>>
>> Does your server use sockets or OT?
>
> Unfortunately yes...
>
>> If you're using the OT APIs, there is no good solution to this problem.

This doesn't sound right, especially coming from Quinn. Maybe I'm
mistaken, but can't you use the same technique they use in Apache?

Apache is an suid-root process. The first thing they do is open the
socket, then immediately change the effective user (or maybe the real
user) ID to non-root. This lets you get to the socket you need without
too much worry about security.

The only problem I can imagine is that CFM apps can't be suid-root because
they are not really launched by the system. I have never examined this
problem.
...Duane
_______________________________________________
macnetworkprog mailing list | email@hidden