[SDL] Opening a socket without root privileges

Started by
6 comments, last by markr 17 years, 6 months ago
Hi, I've programmed a nice SDL application under Linux here. It opens a UDP socket. However, that requires root privileges, which is of course a considerable security risk. What do I have to do to be able to start the application as a normal user? Kind regards, jackknack
Anyone want to translate, even if you can't answer the question?

Jesus saves ... the rest of you take 2d4 fire damage.

Here is what I got from Babelfish:

Rear one, I here ne nice SDL application under Linux programmed. This opens a UDP Socket. However are root-right of emergencies, which represents a substantial safety risk. What do I have to do, in order to be able to start application as a normal user? MfG jackknack
"I programmed a nice SDL application under Linux here. This opens a UDP Socket. However are root-(permissions??), which represents a substantial safety risk. What do I have to do, in order to be able to start application as a normal user?"

That's as close as I understand...
Try using a higher port number.
I suspect the AP is correct here. Ports between 0-1023 are only usable by root, and the rest of the range is open to everybody.
SlimDX | Ventspace Blog | Twitter | Diverse teams make better games. I am currently hiring capable C++ engine developers in Baltimore, MD.
Thank you guys.
I thought this was a German forum. Thank you for the translation.

Is there any way to use a port number lower than 1024 without root privileges (except kernel hacking ;-) )?

Greetings, jackknack
There are a number of ways.

One is to install some kernel modification which gives you alternate port permissions (e.g. grsecurity). This is not normally particularly desirable.

Another is to open the socket as root but then use it in a non-root process. This isn't as daft as it sounds, as you can do the following:

1. Have the server run as root initially, open the socket, then revert to a non-root user to do all other operations (Once the socket is open, changing uid will not cause it to close). This is what web servers (e.g. Apache) typically do.

2. Have another process which runs as root, opens the socket, changes its user ID back to a normal user then exec()s the server process, making sure that the socket file descriptor is on a well-known number (passing the FD number on the command line is one option) and is marked as being left open following an exec() (see fcntl() to set the FD_CLOEXEC flag to 0).

Normally most servers will be run on ports > 1023, except for system-level stuff like ssh and DNS, which normally runs (at least partially) as root anyway.

Mark
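
The second approach from the post above, written out as an added example that is not part of the original thread: a small launcher binds the UDP socket as root, drops to an unprivileged user, clears FD_CLOEXEC on the socket and exec()s the server with the descriptor number as its argument. The function names and the command-line layout are hypothetical.

```c
/* Added example: privileged launcher for a UDP server (all names are hypothetical). */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket on all interfaces; ports below 1024 need root at this point. */
int open_udp_socket(unsigned short port) {
    /* Close-on-exec by default, so nothing leaks into a child by accident. */
    int fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
    if (fd < 0) return -1;
    struct sockaddr_in addr = {0};
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0) { close(fd); return -1; }
    return fd;
}

/* Clear FD_CLOEXEC so that this one descriptor stays open across exec(). */
int keep_across_exec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0) return -1;
    return fcntl(fd, F_SETFD, flags & ~FD_CLOEXEC);
}

/* Drop root for good: supplementary groups first, then gid, then uid. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0) return -1;
    return (setuid(0) == 0) ? -1 : 0;   /* being able to regain root is a failure */
}

/* Run as root: ./launcher <port> <uid> <gid> <server>; the server reads the fd from argv[1]. */
int main(int argc, char **argv) {
    if (argc != 5) { fprintf(stderr, "usage: %s port uid gid server\n", argv[0]); return 2; }
    int fd = open_udp_socket((unsigned short)atoi(argv[1]));
    if (fd < 0) { perror("bind"); return 1; }
    if (drop_privileges((uid_t)atoi(argv[2]), (gid_t)atoi(argv[3])) < 0) { perror("drop"); return 1; }
    if (keep_across_exec(fd) < 0) { perror("fcntl"); return 1; }
    char fdarg[16];
    snprintf(fdarg, sizeof fdarg, "%d", fd);
    execl(argv[4], argv[4], fdarg, (char *)NULL);
    perror("execl");                    /* only reached when exec() failed */
    return 1;
}
```

The server process then calls `atoi(argv[1])` and uses the result directly with `recvfrom()`/`sendto()`; it never runs as root itself.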

This topic is closed to new replies.
