[bind10-dev] Privileged socket creation
Danny Mayer
mayer at ntp.org
Thu Jun 24 03:40:19 UTC 2010
On 5/26/2010 8:59 AM, Jeremy C. Reed wrote:
>> The algorithm for the boss process will be:
>>
>> 1. Drop all permissions other than the ability to setuid(),
>> chroot(), and bind() to a specific port.
>
> How?
>
> For the sandbox, who is doing the fork()? The bind10 or the
> PrivilegedSocketCreator? I can't guess because it doesn't then say child
> bind10 will exec the PrivilegedSocketCreator nor does it say that the
> first PrivilegedSocketCreator (the parent) will exit. (I think it needs
> one or the other.)
This is really, really bad on Windows since there is no equivalent to
fork(). Usually I like just to replace it with creating a thread but if
I understand correctly you don't want to use threads and therefore avoid
having to deal with locking. The problem is one of passing enough
information to the newly created process. I forget the details but it
looks like the _spawn() function is able to pass some of the info.
Danny
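To make the hand-off under discussion concrete on the POSIX side, here is an added example (not code from the bind10 thread or from the BIND 10 project) of the pattern the quoted design describes: a privileged parent binds the listening socket, fork()s, passes the bound descriptor to the child over a socketpair using SCM_RIGHTS, and the child drops privileges before it ever touches the socket. The use of SCM_RIGHTS is my assumption about how "enough information" reaches the new process; the thread does not specify it. The loopback address, ephemeral port 0 (so the demo runs without root; a real creator would bind 53 here) and the uid/gid 65534 are constructed values.

```c
// Added example: privileged parent creates a bound listener, forks, sends the
// descriptor to an unprivileged child with SCM_RIGHTS, and the child verifies
// it received the right socket after dropping privileges. Returns 0 on success.
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Send one file descriptor over a UNIX-domain socket (SCM_RIGHTS). */
static int send_fd(int chan, int fd_to_send) {
    char dummy = 'S';
    struct iovec iov = { .iov_base = &dummy, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    memset(&u, 0, sizeof(u));
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd_to_send, sizeof(int));
    return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one file descriptor; returns the new descriptor or -1. */
static int recv_fd(int chan) {
    char dummy;
    struct iovec iov = { .iov_base = &dummy, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    memset(&u, 0, sizeof(u));
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
    if (recvmsg(chan, &msg, 0) != 1) return -1;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    if (cm == NULL || cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS)
        return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    return fd;
}

/* Child side: drop privileges (only meaningful when started as root), then
 * check that the received socket is the listener the parent bound. */
static int unprivileged_child(int chan, uint16_t expected_port) {
    int lfd = recv_fd(chan);
    if (lfd < 0) return 2;
    if (getuid() == 0) {
        /* Constructed unprivileged uid/gid (65534); a real daemon looks them up. */
        if (setgid(65534) != 0 || setuid(65534) != 0) return 3;
        if (setuid(0) == 0) return 4;   /* the drop must be irreversible */
    }
    struct sockaddr_in sa; socklen_t len = sizeof(sa);
    if (getsockname(lfd, (struct sockaddr *)&sa, &len) != 0) return 5;
    if (ntohs(sa.sin_port) != expected_port) return 6;
    /* From here the child could accept() on lfd without ever holding bind rights. */
    close(lfd);
    return 0;
}

/* Parent side: bind the listener, fork, hand it over, and report the result.
 * Returns 0 on success, the child's failure code, or -1 on a parent-side error. */
int privileged_socket_handoff(void) {
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0) return -1;
    struct sockaddr_in sa; memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(0);            /* ephemeral here; a real creator binds 53 */
    if (bind(lfd, (struct sockaddr *)&sa, sizeof(sa)) != 0 || listen(lfd, 1) != 0) {
        close(lfd); return -1;
    }
    socklen_t len = sizeof(sa);
    if (getsockname(lfd, (struct sockaddr *)&sa, &len) != 0) { close(lfd); return -1; }
    uint16_t port = ntohs(sa.sin_port);

    int chan[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, chan) != 0) { close(lfd); return -1; }
    pid_t pid = fork();
    if (pid < 0) { close(lfd); close(chan[0]); close(chan[1]); return -1; }
    if (pid == 0) {
        /* Close the inherited copy so the child only gets the socket through the
         * channel; that is the path that also works if the child exec()s. */
        close(chan[0]); close(lfd);
        _exit(unprivileged_child(chan[1], port));
    }
    close(chan[1]);
    int rc = send_fd(chan[0], lfd);
    close(lfd);                        /* parent no longer needs the listener */
    close(chan[0]);
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (rc != 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    int rc = privileged_socket_handoff();
    printf("hand-off %s (rc=%d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc == 0 ? 0 : 1;
}
```

The descriptor travels over the socketpair rather than relying on fork() inheritance, which is the part that survives an exec() of a separate PrivilegedSocketCreator binary and is exactly what has no direct counterpart on Windows, where a handle would instead have to be duplicated into the spawned process.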