[bind10-dev] Privileged socket creation
Jeremy C. Reed
jreed at isc.org
Wed May 26 12:59:56 UTC 2010
> The algorithm for the boss process will be:
>
> 1. Drop all permissions other than the ability to setuid(),
> chroot(), and bind() to a specific port.
How?
For the sandbox, who is doing the fork()? The bind10 or the
PrivilegedSocketCreator? I can't guess because it doesn't then say child
bind10 will exec the PrivilegedSocketCreator nor does it say that the
first PrivilegedSocketCreator (the parent) will exit. (I think it needs
one or the other.)
Also need to take into consideration that logging (bind10 or other
modules other than PrivilegedSocketCreator) may be started as root
and then may later be done as a different user. (If using syslog that is
not a problem.)
By the way, can you point me to any code examples (or projects) that
pass bound sockets to other unrelated/non-forked processes? I am curious
how that is done.
May want to code this considering the use of SELinux, Linux or POSIX
capabilities, or TrustedBSD extensions to allow running as non-root.
We may want to look at authbind.
http://en.wikipedia.org/wiki/Authbind
(even though it may not be portable, is written in C and doesn't know
IPv6, it may have some ideas.)
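An added example (not from this thread or the BIND 10 code) of the mechanism commonly used on Unix for the socket-passing question above: the bound descriptor is sent as SCM_RIGHTS ancillary data over an AF_UNIX socket with sendmsg(2)/recvmsg(2), and the kernel installs a new descriptor for the same bound socket in the receiving process, which need not be a child of the sender. The function names are mine; the demo keeps both ends in one process over a socketpair so it runs stand-alone, but send_fd/recv_fd work unchanged over a named AF_UNIX socket that an unrelated, unprivileged process connects to by path.

```c
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
/* Send one open descriptor over a connected AF_UNIX socket (SCM_RIGHTS). */
int send_fd(int chan, int fd) {
    char byte = 'F', cbuf[CMSG_SPACE(sizeof(int))];  /* one data byte is required */
    struct iovec iov = { &byte, 1 };
    struct msghdr msg;
    memset(&msg, 0, sizeof msg); memset(cbuf, 0, sizeof cbuf);
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = cbuf; msg.msg_controllen = sizeof cbuf;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET; cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd, sizeof(int));
    return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
}

/* Receive a descriptor; the kernel installs a new fd in the receiver's table. */
int recv_fd(int chan) {
    char byte, cbuf[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { &byte, 1 };
    struct msghdr msg; int fd;
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = cbuf; msg.msg_controllen = sizeof cbuf;
    if (recvmsg(chan, &msg, 0) != 1) return -1;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    if (!cm || cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    return fd;
}

/* Constructed demo: bind a socket on 127.0.0.1 (ephemeral port), pass it over a
 * socketpair, and check the received fd reports the same port. Returns that port, or 0. */
int demo_pass_bound_socket(void) {
    int sv[2], lsn, got = -1, port = 0;
    struct sockaddr_in a, b; socklen_t alen = sizeof a, blen = sizeof b;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET; a.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0 */
    if ((lsn = socket(AF_INET, SOCK_STREAM, 0)) < 0) return 0;
    if (bind(lsn, (struct sockaddr *)&a, sizeof a) < 0 ||
        socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) { close(lsn); return 0; }
    if (send_fd(sv[0], lsn) == 0 && (got = recv_fd(sv[1])) >= 0 &&
        getsockname(lsn, (struct sockaddr *)&a, &alen) == 0 &&
        getsockname(got, (struct sockaddr *)&b, &blen) == 0 && a.sin_port == b.sin_port)
        port = ntohs(a.sin_port);
    close(sv[0]); close(sv[1]); close(lsn); if (got >= 0) close(got);
    return port;
}
```

In the privileged-creator design this is the only channel the root-owned helper needs to expose; the receiver can additionally check the peer's credentials (SO_PEERCRED on Linux, getpeereid on the BSDs) before trusting a request.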