You have stated correctly, that a process has to be root to open a low port (<1024). But modern and secure servers are only starting as root, opening the port and then dropping privileges. So a possible successful cracker finds himself being a small little user with no or nearly no rights on the system.
I e-mailed the programmer of my Java based FTP software and here is a summary of his reply to me: "If you were to set CrushFTP to launch during startup by a process owned by root...then you would be fine. Or, if you had another application owned by root that could kick off CrushFTP (like maybe Cron or something) it also wouldn't be an issue. However, the java code cannot do this itself." So can someone help me with this? How exactly would I get CrushFTP to launch by a process 'owned by root' or have something owned by root start it for me? - Eric One last question ... I know this is a KDE forum, but if I switched to Gnome would I be able to accomplish the same thing?
Hi Eric! I wrote you the solution via private mail already, but perhaps you misunderstood me. You can login as normal user, then open a terminal konsole and run: kdesu nameofCrushFTP -arg1 -arg2 Then you will get a input box asking for the root password and after that only CrushFTP is running as root. If that works fine, you can make a desktop icon that runs the line above. Daniel Am Dienstag, 4. März 2003 18:59 schrieb Eric Carbone:
You have stated correctly, that a process has to be root to open a low port (<1024). But modern and secure servers are only starting as root, opening the port and then dropping privileges. So a possible successful cracker finds himself being a small little user with no or nearly no rights on the system.
I e-mailed the programmer of my Java based FTP software and here is a summary of his reply to me:
"If you were to set CrushFTP to launch during startup by a process owned by root...then you would be fine. Or, if you had another application owned by root that could kick off CrushFTP (like maybe Cron or something) it also wouldn't be an issue. However, the java code cannot do this itself."
So can someone help me with this? How exactly would I get CrushFTP to launch by a process 'owned by root' or have something owned by root start it for me?
- Eric
One last question ... I know this is a KDE forum, but if I switched to Gnome would I be able to accomplish the same thing?
participants (2)
-
Daniel Eckl
-
Eric Carbone