[bind10-dev] Privileged socket creation

Danny Mayer mayer at ntp.org
Thu Jun 24 03:40:19 UTC 2010


On 5/26/2010 8:59 AM, Jeremy C. Reed wrote:
>> The algorithm for the boss process will be:
>>
>>   1. Drop all permissions other than the ability to setuid(), 
>> chroot(), and bind() to a specific port.
> 
> How?
> 
> For the sandbox, who is doing the fork()? The bind10 or the 
> PrivilegedSocketCreator? I can't guess because it doesn't then say child 
> bind10 will exec the PrivilegedSocketCreator nor does it say that the 
> first PrivilegedSocketCreator (the parent) will exit. (I think it needs 
> one or the other.)

This is really, really bad on Windows since there is no equivalent to
fork(). Usually I like just to replace it with creating a thread but if
I understand correctly you don't want to use threads and therefore avoid
having to deal with locking. The problem is one of passing enough
information to the newly created process. I forget the details but it
looks like the _spawn() function is able to pass some of the info.


Danny
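The creator/worker hand-off the thread is debating, as an added example (not BIND 10 code): the privileged side binds the port and passes the bound descriptor to the unprivileged worker over a UNIX-domain socket with SCM_RIGHTS. The function names, the in-process round trip and the loopback ephemeral-port sample are assumptions for the demonstration; it is POSIX-only, which is exactly the Windows gap raised above.

```c
/* Constructed example of the split discussed in the thread: a privileged creator
 * binds the port, then hands the bound fd to an unprivileged worker via SCM_RIGHTS. */
#include <sys/socket.h>
#include <sys/uio.h>
#include <netinet/in.h>
#include <string.h>
#include <unistd.h>
union fdmsg { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; };  /* aligned for one fd */

/* Creator side: send one descriptor over a UNIX-domain socket; 0 on success. */
int send_fd(int chan, int fd) {
    char byte = 's';  /* at least one byte of payload so the message is delivered */
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union fdmsg u = {0};
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS; c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
}

/* Worker side: receive a descriptor; returns the new fd, or -1 if none arrived. */
int recv_fd(int chan) {
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union fdmsg u = {0};
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    if (recvmsg(chan, &msg, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    int fd; memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Round trip in one process: bind a loopback listener (port 0 = ephemeral, so no root is
 * needed; a real creator binds 53), pass it over a socketpair, check the worker's new fd
 * refers to the same bound port. Returns 1 on success, 0 otherwise. */
int pass_bound_port(void) {
    int pair[2], got, same = 0, ls = socket(AF_INET, SOCK_STREAM, 0);
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) }, b;
    socklen_t la = sizeof a, lb = sizeof b;
    if (ls < 0) return 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) < 0) { close(ls); return 0; }
    if (bind(ls, (struct sockaddr *)&a, sizeof a) == 0 && send_fd(pair[0], ls) == 0 &&
        (got = recv_fd(pair[1])) >= 0) {
        getsockname(ls, (struct sockaddr *)&a, &la);   /* the kernel-chosen port */
        getsockname(got, (struct sockaddr *)&b, &lb);  /* must match: same socket, new fd number */
        same = got != ls && a.sin_port != 0 && a.sin_port == b.sin_port;
        close(got);
    }
    close(ls); close(pair[0]); close(pair[1]);
    return same;
}
```

In the real split the two ends of the socketpair sit in different processes after fork(), and the worker drops to its unprivileged uid only once the descriptor has arrived.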