zoneserver logfile question

Remco Rijnders remco at webconquest.com
Sat Sep 5 01:20:22 EDT 2009


> I took a look at my logfile. There I can find a lot of entries like this:
>
> ... /usr/sbin/zoneserver: Log: Root directory changed
> ... /usr/sbin/zoneserver: Log: Socket opened on TCP port 53
> ... /usr/sbin/zoneserver: Log: Root privileges dropped
> ... /usr/sbin/zoneserver: Log: Awaiting data on port 53
> ... /usr/sbin/zoneserver: Log: Message received, processing
>
> What does it mean that root privileges are dropped?

On most Unix systems port numbers under 1024 are privileged. This means
that you have to be the root user in order to be allowed to make use of
them; a normal user is not allowed to 'bind' to those ports.

While there are reasons for this limitation on multi-user systems, it does
mean that programs bound to those ports are running as the root user.
Should someone be able to find an exploit in the code for a server
listening on one of those ports, it means they can execute code as the
root user and have full access to everything on your system. You'll
appreciate that this is a security concern.

What maradns (and many server programs like it) does is to start as the root
user, bind to one of those privileged ports, then once that socket is
acquired, switch to a normal user (dropping root privileges) and continue
running like that. In the event that someone finds an exploit in the code
now, they only have access to the files and processes that the maradns
user has access to and can do far less harm than someone with root
privileges.

I hope this clarifies.

Kind regards,

Remco Rijnders
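The start-as-root, bind, then drop-privileges sequence described in the reply above, as an added C example (not maradns source code). It assumes an unprivileged account named "nobody" exists and that the program is started as root so it can bind TCP port 53; the function names are hypothetical.

```c
/* Bind a privileged port as root, then switch to an unprivileged user.
 * Added example, not maradns code. Assumes account "nobody" exists. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Step 1 (while still root): open a listening TCP socket on a loopback port.
 * The kernel checks privilege at bind() time; the descriptor stays usable
 * after the uid changes, which is what makes the drop possible. */
int bind_tcp_port(unsigned short port)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0 || listen(fd, 16) != 0) {
        int saved = errno; close(fd); errno = saved; return -1;
    }
    return fd;
}

/* Step 2: drop root. Order matters: supplementary groups, then gid, then uid
 * (setuid first would leave us unable to change the groups). Then verify the
 * drop really happened and cannot be reversed. Returns 0 on success. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (getuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;   /* root regained: drop failed */
    return (getuid() == uid && geteuid() == uid && getgid() == gid) ? 0 : -1;
}

int main(void)
{
    struct passwd *pw = getpwnam("nobody");      /* assumed unprivileged account */
    int fd = bind_tcp_port(53);
    if (fd < 0) { perror("bind TCP port 53 (needs root)"); return 1; }
    printf("Log: Socket opened on TCP port 53\n");
    if (!pw || drop_privileges(pw->pw_uid, pw->pw_gid) != 0) {
        fprintf(stderr, "could not drop privileges; refusing to serve as root\n");
        return 1;
    }
    printf("Log: Root privileges dropped (now uid %u)\n", (unsigned)getuid());
    printf("Log: Awaiting data on port 53\n");
    close(fd);
    return 0;
}
```

If the drop fails the program exits rather than serving as root, which is the safe default a server should take.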
