PageViews: 970 hits / 132 nets

For whom do not want being a super-user for DeleGate

2014-06-02 Yutaka Sato

Indeed I hate being a super-user to run DeleGate and expect you also feel like me. At least it is tiresome to type "sudo" every time I invoke DeleGate to let it use privileged ports. You may think you can set the SETUID bit to the executable file of DeleGate to bypass the work. But the real problem is that it could be dangerous to run DeleGate under super-users' right having so much functionalities that can be dangerous if utilized by attackers.

Therefore by default DeleGate become owned by non-super-user immediately after finished binding of its entrance ports (specified as -P21). The owner can be specified with OWNER="User" parameter of which default is OWNER="nobody", when invoked by a super-user. DeleGate changes its process's owner not by effective-user but by real-user not to leave the ability to become anybody using setuid().

But unfortunately, you can't avoid running DeleGate as super-user for FTP-DeleGate when it needs repetitive binding to privileged port for each data connection through its run-time. Thus OWNER="root" was not avoidable in the case with old version of DeleGate.

What I introduced to solve the problem, in DeleGate/8.4.0, was "dgbind" as an external command just have capability to bind a socket to a port number under the super-user's right. It receives a file descriptor of a socket from DeleGate and bind it to a specified port. It uses SETUID bit indeed, but it is far less dangerous than setting SETUID to the executable of DeleGate.

Again, it is convenient for me to have the ability of binding out of DeleGate because I do make DeleGate so often, without doing "sudo" to set SETUID to the executable each time.

See HowToDG.html for how to setup dgbind.

Similar to dgbind, there are several dgXXX commands to be searched under DGROOT/subin and used by DeleGate. One of them is "dgpam" which is used to do PAM authentication under privileged user's right.

I hope you don't be super-user for DeleGate unless in the situation it is really necessary but I don't know such situation (except a platform where this device does not work, Solaris).


Yutaka Sato @ DeleGate.ORG