>On Jul 2, 9:00am, David Greenman (possibly) wrote:
>
>> Um, well, let's talk about FTP servers, then, since those do a privileged
>> bind() for every data connection that is estabilished (one per file
>> transfer).
>
>Good point. The various examples here are pointing out something: in
>most cases, and so far as I know in all of the most frequent cases,
>it's only necessary to be able to bind to _one_ privileged port. (By
>'the most frequent cases', I'm referring to that while the FTP server
>has to bind to both port 20 and port 21, the latter is far more
>frequent than the former - the first just happens when starting up a
>new daemon (and is usually done by inetd in any event).) This implies
>that one way to speed things up would be to have as extra fields in a
>privilege structure (or as part of the ucred structure) the main tcp
>or udp port the process is permitted to bind to. In this way, one
>would simply check:
> A. does the process have the PRIV_TCP (or PRIV_UDP) privilege;
> B. if so, is the port in the privilege/ucred structure equal
> to the requested one (with a 0 meaning none has been
> established)? If so, allow
> C. if not, do whatever scanning is necessary to figure out if
> the port is allowable; if it is, then put that port # in
> the privilege/ucred structure
Okay, so you are saying that the PRIV_* port privileges would be honored
only for the first privileged port number that is bind()'ed [sic]?
Hmmm...sounds interesting. I like that a lot better than assigning 1024
gids to TCP, another 1024 gids to UDP, etc.
-DG
David Greenman
Co-founder/Principal Architect, The FreeBSD Project
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message