Need a way to change user/group after listening sockets are opened #415
Comments
|
This functionality is already provided by core linux utilities. If you are using systemd, there are many hardening options. You can set the AmbientCapabilities field, you can set User and Group, there are also many other systemd-specific hardening features that I am not even familiar with. Personally I am using runit and it also has its own implementation of changing user/group of services. I just run as group/user=nobody and have cap_net_bind_service set on the executable itself. This is probably somewhat less secure than setting cap_net_bind_service for the specific service only, but it's more than satisfying enough for my personal use. If you already knew all of this, and still want this functionality to be re-implemented in the program, then I am not in a position to comment with very much weight because I am just a user like you, but I would assume that duplication of existing functionality that's already provided elsewhere would needlessly increase code complexity. |
Yes, I know all this. You can set capabilities like this, but that is still not best. It's best to drop all capabilities that you do not need. And it's not that hard. But as you say, just having CAP_NET is certainly a lot better than having everything, and probably enough for most people. |
To open the necessary sockets, like 53, you need to run as root. However, once you have them opened, it's good security practice to drop privileges to some other user.
The text was updated successfully, but these errors were encountered: