Very Computer

Hi,

I'm developping a deamon, that will be listening to TCP/IP connections.
It's constituted of several processes :
1- One process, sleeping, and forking into the server in case of
inexpected termination of it
2- The server itself, that listens to the TCP/IP socket
3- Many children talking with clients.

My question is : Should I setuid(), or seteuid() ?

If yes, what is the good moment to do this ? (in server process, just
before opening the socket I suppose ?)

Thanks in advance,

Mathieu D.

First, do you need to run as root at all? If you can run as a non-root
user, that is an easier alternative.

The main reasons you might need to run as root are:
- you need to listen on a privileged port (port < 1024).
- you need to access files that have arbitrary ownerships e.g. user's
home directories

No doubt there are others, but if you aren't doing any of those things,
then just have the system startup script spawn your daemon under the
user ID that you want to use. That way you won't have to worry about
when to use setuid.

Quote:> If yes, what is the good moment to do this ? (in server process, just
> before opening the socket I suppose ?)

Actually, it's likely just after binding the socket if you use a
privileged socket. I'm assuming that your daemon starts up as root, so
you 'setuid' to your daemon user ID (and then back to root as
necessary). From that point on, you should run setuid to your daemon's
UID whenever possible.

----
Jim Patterson
Ottawa, Ont
CANADA

Jim Patterson (aka Bruce) was almost, but not quite, entirely unlike tea:

Quote:> Actually, it's likely just after binding the socket if you use a
> privileged socket. I'm assuming that your daemon starts up as root, so
> you 'setuid' to your daemon user ID (and then back to root as
> necessary). From that point on, you should run setuid to your daemon's
> UID whenever possible.

I've always wondered what good this does. Say you have a buffer
overflow in a program that long ago dropped its privelages. And you
are using the POSIX setuid functions. Can't the buffer overflow be
exploited to first call setuid() to regain those privelages, then do
the rooty stuff?

Of couse, I am probably missing something entirely too obvious here.

--
TimC -- http://www.physics.usyd.edu.au/~tcon/

I'm sorry, but all questions must be in the form of a question.
-- pieceoftheuniverse

If the effective userid is 0 the setuid() function will set
all uid's, so there is no way to regain priveleges.

--
Kasper Dupont