Ticket #7266 (new suggested feature)

Opened 21 months ago

Last modified 21 months ago

Opening ports < 1024

Reported by: raevnos
Owned by: raevnos
Priority: minor
Milestone:
Keywords:
Cc:
Visibility: Public

Description

Right now, if someone wants to run a mush on a low port number for some reason, they have to run it as root. That seems mildly icky from a security standpoint. Thus:

Disallow running as root.

However, detect and allow a suid-root netmush. Only run with root permissions when bind()ing sockets and run as the user who actually started the server the rest of the time.
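The scheme sketched above (accept a suid-root binary, use the root privilege only for the bind(), then become the real user for everything else) is easy to get subtly wrong: a process that drops only its effective uid can take root back with seteuid(0), and a binary that was genuinely started by root has real uid 0 and must be refused outright. The following is an added example, not PennMUSH code, written on Linux/glibc assumptions (setresuid/getresuid and setgroups are available); the port 4201 default and the function names are the example's own.

```c
/* Added example (not PennMUSH code): bind a port < 1024 using the
 * root privilege of a suid-root binary, then drop permanently to the
 * user who actually started the server. Assumes Linux/glibc. */
#define _GNU_SOURCE
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Policy: a server started by root itself (real uid 0) is refused.
 * A suid-root binary started by an ordinary user has real uid != 0,
 * so it passes this check while still having effective uid 0. */
int started_as_real_root(uid_t real_uid) { return real_uid == 0; }

/* A drop is only permanent when real, effective AND saved uid all
 * equal the target, and the target is not root; otherwise the
 * saved uid lets the process regain root with seteuid(0). */
int privileges_fully_dropped(uid_t ruid, uid_t euid, uid_t suid, uid_t target)
{
    return target != 0 && ruid == target && euid == target && suid == target;
}

/* Create a listening TCP socket on `port` (loopback only here).
 * Effective uid 0 is required only while port < 1024 is bound.
 * Returns the fd, or -1 on failure. */
int bind_listener(int port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons((unsigned short)port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Drop root permanently, in the only order that works: supplementary
 * groups first (needs root), then gid, then uid. Afterwards verify
 * with getresuid() instead of trusting the set calls' return values.
 * Returns 0 on success, -1 if any step fails or root could be regained. */
int drop_to_real_user(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (geteuid() == 0 && setgroups(1, &rgid) < 0) return -1;
    if (setresgid(rgid, rgid, rgid) < 0) return -1;
    if (setresuid(ruid, ruid, ruid) < 0) return -1;
    uid_t r, e, s;
    if (getresuid(&r, &e, &s) < 0) return -1;
    return privileges_fully_dropped(r, e, s, ruid) ? 0 : -1;
}

int main(int argc, char **argv)
{
    int port = argc > 1 ? atoi(argv[1]) : 4201; /* example default */
    if (started_as_real_root(getuid())) {
        fprintf(stderr, "refusing to run as root; start as an unprivileged user\n");
        return 1;
    }
    int fd = bind_listener(port);          /* the only step that needs root */
    if (fd < 0) { perror("bind"); return 1; }
    if (drop_to_real_user() < 0) {         /* never serve with root held */
        fprintf(stderr, "could not drop privileges\n");
        return 1;
    }
    printf("listening on 127.0.0.1:%d as uid %u\n", port, (unsigned)getuid());
    close(fd);
    return 0;
}
```

Run as an ordinary user it binds a high port and the drop is a no-op that still passes the verification; installed suid-root and run by an ordinary user it can bind port 23 and then holds no privilege at all for the rest of its life; run directly by root it exits before opening anything.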

Change History

Changed 21 months ago by Alan Schwartz

Quoting Penndev (pennmush-bugs@pennmush.org):
> #7266: Opening ports < 1024
> ------------------------------+---------------------------------------------
> Reporter:  raevnos            |        Owner:  raevnos
>     Type:  suggested feature  |       Status:  new    
> Priority:  minor              |    Milestone:         
> Keywords:                     |   Visibility:  Public 
> ------------------------------+---------------------------------------------
>  Right now, if someone wants to run a mush on a low port number for some
>  reason, they have to run it as root. That seems mildly icky from a
>  security standpoint. Thus:
> 
>  Disallow running as root.
> 
>  However, detect and allow a suid-root netmush. Only run with root
>  permissions when bind()ing sockets and run as the user who actually
>  started the server the rest of the time.

No comments on the merit of the idea (although it does introduce
extra code which will need careful audit), but I disagree with the premise.

(a) On non-unix systems, they don't have to run as root, obviously.

(b) On unix systems, where they have root (which they must
    to do the suid thing), they can use iptables or equivalent
    to transparently NAT incoming connections on port 23 (or whatever)
    to go to the actual high-numbered port the mush is running on.

On the other hand, running netmush as root is so obviously stupid
that disallowing it as a security measure seems very reasonable,
whether or not you decide to allow an suid version to continue
running and drop privs.

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Javelin@M*U*S*H, once Paul@DuneMUSH | Alan Schwartz <dunemush@pennmush.org>
   (mush.pennmush.org 4201)         |     
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Changed 21 months ago by raevnos

I hadn't thought of doing funky port-forwarding stuff. That's nifty. However, it's different on every OS, while suid-root stuff works on every unix. (I don't really care about Windows, as I'm sure you all know.)

I'll go and disable running as root now, leave the other for more discussion. It'll go in the autoconf branch (Speaking of which, I'm about ready to merge it into devel).
