Jump to content
  • Advertisement
Sign in to follow this  
jackknack

[SDL] Socket oeffnen ohne root Rechte

This topic is 4388 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hi, ich hab hier ne nette SDL Anwendung unter Linux programmiert. Diese öffnet einen UDP-Socket. Dafür sind aber root-Rechte von Nöten, was ja ein erhebliches Sicherheitsrisiko darstellt. Was muss ich tun, um die Anwendung als normaler User starten zu können? MfG jackknack

Share this post


Link to post
Share on other sites
Advertisement
here is what i got from babelfish:

Rear one, I here ne nice SDL application under Linux programmed. This opens a UDP Socket. However are root-right of emergencies, which represents a substantial safety risk. What do I have to do, in order to be able to start application as a normal user? MfG jackknack

Share this post


Link to post
Share on other sites
"I programmed a nice SDL application under Linux here. This opens a UDP Socket. However are root-(permissions??), which represents a substantial safety risk. What do I have to do, in order to be able to start application as a normal user?"

That's as close as I understand...

Share this post


Link to post
Share on other sites
Guest Anonymous Poster
Try using a higher port number.

Share this post


Link to post
Share on other sites
I suspect the AP is correct here. Ports between 0-1023 are only usable by root, and the rest of the range is open to everybody.

Share this post


Link to post
Share on other sites
Thank you guys.
I thought this was a german forum. Thank you for translation.

Is there any way to use a port number lesser than 1024 without root-privileges (except kernel-hacking ;-) )?

greetings jackknack

Share this post


Link to post
Share on other sites
There are a number of ways.

One is to install some kernel modification which gives you alternate port permissions (e.g. grsecurity). This is not normally particularly desirable.

Another is to open the socket as root but then use it in a non-root process. This isn't as daft as it sounds, as you can do the following:

1. Have the server run as root initially, open the socket, then revert to a non-root user to do all other operations (Once the socket is open, changing uid will not cause it to close). This is what web servers (e.g. Apache) typically do.

2. Have another process which runs as root, opens the socket, changes its user ID back to a normal user then exec()s the server process, making sure that the socket file descriptor is on a well-known number (passing the FD number on the command line is one option) and is marked as being left open following an exec() (see fcntl() to set the FD_CLOEXEC flag to 0).

Normally most servers will be run on ports > 1023, except for system-level stuff like ssh and DNS, which normally runs (at least partially) as root anyway.

Mark

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

We are the game development community.

Whether you are an indie, hobbyist, AAA developer, or just trying to learn, GameDev.net is the place for you to learn, share, and connect with the games industry. Learn more About Us or sign up!

Sign me up!