misc/64694: UID/GID matching in ipfw non-functional
Robert Watson
rwatson at FreeBSD.org
Mon Mar 29 10:40:03 PST 2004
The following reply was made to PR misc/64694; it has been noted by GNATS.
From: Robert Watson <rwatson at FreeBSD.org>
To: Grant Millar <Co0lkizz at btinternet.com>
Cc: freebsd-gnats-submit at FreeBSD.org
Subject: Re: misc/64694: UID/GID matching in ipfw non-functional
Date: Mon, 29 Mar 2004 13:33:21 -0500 (EST)
On Sat, 27 Mar 2004, Grant Millar wrote:
> Here is the ssh socket showing it owned by root;
> sshd 4722 root 5u IPv4 0xdcd94940 0t0 TCP
> 66.90.98.2:ssh->host81-128-227-64.inaddr.btopenworld.com:22804
> (ESTABLISHED)
sshd and httpd sockets are owned by root because these daemons bind the
sockets while running with root privilege, and the "owner" of a socket is
its creator. This is a necessary evil for at least a couple of reasons,
including the following: a single socket may be referenced by many
processes, and therefore there is no notion of a "current process using
socket", so the only consistent notion is the creator. This was an
intentional design choice by the designers of the sockets API, who chose
to represent network endpoints as file-like objects, and the existing UNIX
APIs allow file object references to be inherited and transferred from
process to process (and be shared).
There's arguably a bug, however, in sshd: while the primary port 22
binding is necessarily created by a root process due to the UNIX notion of
privilege, the SSH "forwarded ports" do *not* need to be bound by the root
user. It's a bug in sshd that it creates the sockets before switching to
the user credential; I've previously reported this bug to the SSH authors
but have not seen a response on that.
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Senior Research Scientist, McAfee Research
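
The following is an added example, not part of the original mail or of any FreeBSD or SSH code. It shows the behaviour the reply describes: a socket keeps its creator's credential after it is inherited by a child that then drops privilege. It assumes fstat() on a socket reports the creating credential in st_uid; NOBODY_UID and the function names are hypothetical, and the privilege drop is only attempted when the script runs as root.

```python
import os
import socket
import struct

NOBODY_UID = 65534  # assumption: conventional unprivileged uid, used only if run as root


def socket_identity(fd):
    """Return (inode, owner uid) that the kernel reports for a socket descriptor."""
    st = os.fstat(fd)
    return st.st_ino, st.st_uid


def inherited_socket_view():
    """Create a listener, fork, and compare what parent and child see of it."""
    creator_euid = os.geteuid()
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # loopback only, kernel-chosen port
    listener.listen(1)
    parent_view = socket_identity(listener.fileno())

    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: stands in for the per-session process
        os.close(rfd)
        if os.geteuid() == 0:
            try:
                os.setuid(NOBODY_UID)  # drop privilege AFTER the socket exists
            except OSError:
                pass  # restricted sandbox: report whatever euid we still have
        ino, uid = socket_identity(listener.fileno())
        os.write(wfd, struct.pack("QII", ino, uid, os.geteuid()))
        os._exit(0)

    os.close(wfd)
    ino, uid, child_euid = struct.unpack("QII", os.read(rfd, 16))
    os.close(rfd)
    os.waitpid(pid, 0)
    listener.close()
    # Same inode in both processes: one socket, many references, one owner.
    return {"creator_euid": creator_euid, "parent_view": parent_view,
            "child_view": (ino, uid), "child_euid": child_euid}


if __name__ == "__main__":
    print(inherited_socket_view())
```

Run as root, child_euid changes while the owner in child_view stays 0, which is why a uid-based filter rule keyed on the session user does not match such a socket.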