[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: pserver without root access
From: |
Larry Jones |
Subject: |
Re: pserver without root access |
Date: |
Mon, 12 Mar 2001 10:44:55 -0500 (EST) |
Tom Nott writes:
>
> I'd like to run a pserver on a box on which I don't have root access.
> All the docmentation I've seen seems to imply root is needed.
>
> Is what I want to do possible?
Certainly. You can run inetd without being root, you'll just have to
use an alternate configuration file; or you can use an inetd replacement
like tcpserver.
> Are there any security issues involved?
Yes, although they're not a serious (from a system standpoint) as when
you run as root.
> I know that cvs wont be able to setuid(), so it will have to run under
> my UID. I'm a real newbie to CVS and need to know just how much of the
> system can be accesed under my UID with CVS. Is it impossible for others
> to access anything above $CVSROOT or run any programs under my UID?
There are some known exploits that allow listing directories outside
$CVSROOT, but I don't know of any way to read or write files outside of
$CVSROOT. If you have modules that run module programs (or allow people
to define modules), it is possible for someone to run an arbitrary
program under your UID.
-Larry Jones
Like I'm going to get any sleep NOW. -- Calvin