UidBind

UidBind is a simple module that allows calls to the bind() function only for the uid/gid defined in a configfs tree.
  • License: GPL
  • Price: FREE
  • Publisher Name: Roberto De Ioris
  • Publisher web site: http://projects.unbit.it/uidbind/


UidBind Description

UidBind is a simple module that allows calls to the bind() function only for the uid/gid defined in a configfs tree.

Example: Admin joe has loaded the uidbind module, then User sam (with uid 1017) tries bind() on port 8081:

    sam@hell:~$ nc -l -p 8081
    Can't grab 0.0.0.0:8081 with bind : Operation not permitted

Now, Admin joe goes to /config/uidbind and...

    root@hell:/config/uidbind: mkdir 8081
    root@hell:/config/uidbind: cat 8081/uid
    0
    root@hell:/config/uidbind: echo 1017 >8081/uid
    root@hell:/config/uidbind: cat 8081/uid
    1017

...then User sam retries binding:

    sam@hell:~$ nc -l -p 8081

...now it works and sam is happy.

Admin joe has 2 IPv4 addresses configured on his server (192.168.1.2 and 192.168.1.3) and he wants to assign port 8082 to 2 different users: tom (uid 1017) and rob (uid 1026):

    root@hell:/config/uidbind: mkdir 8082
    root@hell:/config/uidbind: mkdir 8082/192.168.1.2
    root@hell:/config/uidbind: mkdir 8082/192.168.1.3
    root@hell:/config/uidbind: echo 1017 > 8082/192.168.1.2/uid
    root@hell:/config/uidbind: echo 1026 > 8082/192.168.1.3/uid

...now tom can bind port 8082 on address 192.168.1.2 and rob on address 192.168.1.3.

But Admin joe is paranoid and knows that rob needs port 8082 only on UDP:

    root@hell:/config/uidbind: echo 0 > 8082/192.168.1.3/uid
    root@hell:/config/uidbind: echo 1026 > 8082/192.168.1.3/udp_uid

Admin joe now wants to allow bind() on port 8083 to all members of group "binders" (gid 1717):

    root@hell:/config/uidbind: mkdir 8083
    root@hell:/config/uidbind: echo 1717 >8083/gid

...but User dom (uid 1030) needs to bind() on all UDP ports still unconfigured by Admin joe:

    root@hell:/config/uidbind: mkdir all
    root@hell:/config/uidbind: echo 1030 >all/udp_uid

Admin joe now wants only python scripts owned by User dom to be able to bind() on port 8017:

    root@hell:/config/uidbind: mkdir 8017
    root@hell:/config/uidbind: echo 1030 >8017/uid
    root@hell:/config/uidbind: echo python >8017/comm
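
To review what a tree like the one built above grants, the following shell function walks the directory and prints one line per grant (port, address, attribute, value). It is an added example, not part of UidBind or the original page; the function names are hypothetical, and it assumes the layout and attribute names shown in the walkthrough (uid, udp_uid, gid, comm) and treats 0 or an empty value as unset.

```shell
#!/bin/sh
# Added example: list the bind() grants recorded in a uidbind configfs tree.
# Layout assumed from the walkthrough above:
#   <root>/<port|all>/{uid,udp_uid,gid,comm}
#   <root>/<port|all>/<ipv4 address>/{uid,udp_uid,gid,comm}
# Assumption: a value of 0 (or an empty file) means "not set", since the
# freshly created 8081/uid in the walkthrough reads 0.

# Print every non-empty, non-zero attribute found in one directory.
# $1 = directory, $2 = port label, $3 = address label ("*" = any address)
_uidbind_attrs() {
    for attr in uid udp_uid gid comm; do
        f="$1/$attr"
        [ -f "$f" ] || continue
        val=$(cat "$f")
        [ -n "$val" ] && [ "$val" != 0 ] || continue
        printf '%s %s %s %s\n' "$2" "$3" "$attr" "$val"
    done
}

# Walk the tree: port-level grants first, then per-address grants.
# $1 = root of the tree (defaults to the path used in the walkthrough)
uidbind_audit() {
    root=${1:-/config/uidbind}
    for portdir in "$root"/*/; do
        [ -d "$portdir" ] || continue
        port=$(basename "$portdir")
        _uidbind_attrs "$portdir" "$port" "*"
        for addrdir in "$portdir"*/; do
            [ -d "$addrdir" ] || continue
            _uidbind_attrs "$addrdir" "$port" "$(basename "$addrdir")"
        done
    done
}
```

Source the file and run `uidbind_audit` as root to get a listing such as `8082 192.168.1.3 udp_uid 1026`, which can be diffed against the intended policy after each change.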

