zoneserver logfile question

Markus Ferlitsch m.ferlitsch at gmail.com
Mon Sep 7 13:41:37 EDT 2009


Ok, thanks! It sounds logical! :-)

2009/9/5, Remco Rijnders <remco at webconquest.com>:
>
>> I took a look at my logfile. There I can find a lot of entries like this:
>>
>> ... /usr/sbin/zoneserver: Log: Root directory changed
>> ... /usr/sbin/zoneserver: Log: Socket opened on TCP port 53
>> ... /usr/sbin/zoneserver: Log: Root privileges dropped
>> ... /usr/sbin/zoneserver: Log: Awaiting data on port 53
>> ... /usr/sbin/zoneserver: Log: Message received, processing
>>
>> What does it mean that root privileges are dropped?
>
> On most unix systems port numbers under 1024 are privileged. This means
> that you have to be the root user in order to be allowed to make use of
> them, a normal user is not allowed to 'bind' to those ports.
>
> While there are reasons for this limitation on multi-user systems, it does
> mean that programs bound to those ports are running as the root user.
> Should someone be able to find an exploit in the code for a server
> listening on one of those ports, it means they can execute code as the
> root user and have full access to everything on your system. You'll
> appreciate that this is a security concern.
>
> What maradns (and many server programs like it) do is to start as root
> user, bind to one of those privileged ports, then once that socket is
> acquired, switch to a normal user (dropping root privileges) and continue
> running like that. In the event that someone finds an exploit in the code
> now, they only have access to the files and processes that the maradns
> user has access to and can do far less harm than someone with root
> privileges.
>
> I hope this clarifies.
>
> Kind regards,
>
> Remco Rijnders
>
>
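The start-as-root, bind, chroot, then drop-privileges sequence Remco describes, written out as an added C example (not MaraDNS's own code). The jail directory /var/empty and uid/gid 65534 are placeholders; when run without root it binds a free loopback port instead of 53 and drops to the caller's own ids so the sequence can still be exercised.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Step 1 (still root): bind and listen on `port` (0 = any free port).
 * Returns the listening fd, or -1 on error. */
int open_listener(unsigned short port) {
    struct sockaddr_in addr;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Step 2: optionally chroot into `jail`, then switch to uid/gid for good.
 * Order matters: supplementary groups, gid, then uid last (once the uid
 * is unprivileged the other calls would fail). 0 on success, -1 on error. */
int confine_and_drop(const char *jail, uid_t uid, gid_t gid) {
    if (jail && (chroot(jail) < 0 || chdir("/") < 0)) return -1;
    if (geteuid() == 0 && setgroups(0, NULL) < 0) return -1;
    if (setgid(gid) < 0) return -1;
    if (setuid(uid) < 0) return -1;
    return 0;
}

/* Step 3: verify the drop is real; if setuid(0) still succeeds, nothing was dropped. */
int can_regain_root(void) { return setuid(0) == 0; }

int main(void) {
    int root = geteuid() == 0;          /* as root: port 53 + jail; otherwise a demo on a free port */
    int fd = open_listener(root ? 53 : 0);
    if (fd < 0) { perror("bind"); return 1; }
    /* 65534 (nobody) and /var/empty are placeholders; a real daemon uses its own account. */
    if (confine_and_drop(root ? "/var/empty" : NULL, root ? 65534 : getuid(),
                         root ? 65534 : getgid()) < 0) { perror("drop"); return 1; }
    printf("fd %d ready; can regain root: %s\n", fd, can_regain_root() ? "YES (bug)" : "no");
    return 0;
}
```

The socket stays usable after the drop because the kernel checks privilege at bind() time, not on later accept() or read() calls, which is exactly why the log shows the port opened before the privileges are dropped.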

