SunOS and shared libraries, security aspects

R. Glaschick gla at nixpbe.UUCP
Thu Sep 6 00:25:22 AEST 1990


In <59263 at bbn.BBN.COM> djw at bbn.com (David Waitzman) writes:

>I occasionally write and distribute programs that need to use raw IP
>sockets, roughly the same thing, protection-wise, as a program using
>"privileged" ports.  I dislike needing to run the programs set-uid root
>(or by root) just to do this one special privileged thing.

I fully agree. See e.g. mail, that does not have super user rights.

>How do you all feel about the practice of using a special group that
>allows one to access privileged ports or raw IP sockets?  The programs
>can then just be run setgid to that group.  The kernel socket opening
>code would then allow the opening of privileged or raw sockets to
>either user==root or groups includes "priv_socket_group".

This is the right way to do it.
But beware of the subtleties of the setuid() function. It works
differently under root and a normal user-id.

Does someone have a precise description of how to use setuid()?

>Would vendors support this?  We don't have access to Sun kernel source
>code anymore here.

Vendor support does not depend on whether you have the source code.
If you stick to e.g. X/OPEN, you will have vendor support.
The X/OPEN XPG 3 specification is the same as in System V.3, but not
complete and partially misleading.

>I understand that some people may have objections to the piece-meal
>addition of finer-granularity access rights to Unix.

I think that this is correct usage of the existing security features,
and nothing else.
All those people using root whenever they need privileges without
considering 'least privileges' are misusing the system.
--
Rainer Glaschick, NIXDORF Computer AG, Paderborn, W-Germany
EMail: glaschick.pad at nixdorf.com (US) or  glaschick.pad at nixdorf.de (EU)
Tel. +49 5251 14 6150 (office) +49 5254 6238  (home) Fax: +49 5251 14 6569
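
An added example, not part of the original post: on current POSIX systems, setuid() and setgid() called by root replace the real, effective and saved IDs, while the same call from an ordinary user changes only the effective ID and leaves the saved ID available. The C code below assumes a program installed set-gid to the proposed "priv_socket_group" and shows a drop of that group that cannot be undone; drop_setgid_privilege is a hypothetical name.

```c
/* Added example (not from the original post): permanent drop of set-gid
   privilege once the privileged operation has been done. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper. Returns 0 when the process is left with only its
   real gid, -1 when the drop failed or could be reversed. */
int drop_setgid_privilege(void)
{
    gid_t rgid = getgid();
    gid_t old_egid = getegid();  /* "priv_socket_group" in a set-gid program */

    /* setgid(rgid) from a non-root process changes only the effective gid;
       the saved set-group-ID keeps old_egid, so setegid(old_egid) would
       bring the privilege back. setregid() with the real gid being set
       also replaces the saved set-group-ID (POSIX behaviour). */
    if (setregid(rgid, rgid) != 0)
        return -1;
    if (getgid() != rgid || getegid() != rgid)
        return -1;

    /* Verify: an unprivileged process must not be able to regain the gid.
       Skipped for euid 0, which may set any gid regardless. */
    if (old_egid != rgid && geteuid() != 0 && setegid(old_egid) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* A real program would open its raw socket here, while the
       effective gid is still the privileged group. */
    if (drop_setgid_privilege() != 0) {
        fprintf(stderr, "could not drop group privilege\n");
        return 1;
    }
    printf("running with gid=%ld egid=%ld\n",
           (long)getgid(), (long)getegid());
    return 0;
}
```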


