Re: [OFFTOPIC, yet related :)] Port access

From: Mark A. Heilpern (heilpern@MINDSPRING.COM)
Date: 11/03/98


At 08:09 AM 11/3/98 -0600, you wrote:
>What if you start circle as a startup process?

Starting the mud as a startup process will probably have it
start as root. As George said, you are best served if you drop
root privs at your earliest possibility. (Use the setuid() call.)

If you do not release the root UID and it is possible to cause your
mud to crash, then it is possible to force your mud do perform
arbitrary commands as root on your machine.

Note that even if your mud isn't running as root, if one can crash
you they can possibly cause your mud to execute arbitrary
commands as whatever UID it's running as. Backup early and
often.


>                On Sat, 31 Oct 1998, Jason Wilkins wrote:
>
>                >The only thing I can think of is to put your mud on some
>system port, like port 80 (HTTP), so that
>
>                You have to be root (on Unix) to bind to a port under 1024.
>
>                If you do have root, you'll want to be sure to drop root
>privs after you
>                bind().
>


     +------------------------------------------------------------+
     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     | http://democracy.queensu.ca/~fletcher/Circle/list-faq.html |
     +------------------------------------------------------------+



This archive was generated by hypermail 2b30 : 12/15/00 PST