Authbind
   HOME

TheInfoList



Click Here for Items Related To - Authbind
OR:
Authbind on:   [Wikipedia]   [Google]   [Amazon]

authbind is an
open-source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use the source code, design documents, or content of the product. The open-source model is a decentralized sof ...
system utility written by Ian Jackson and is distributed under the GNU General Public License. The authbind software allows a program that would normally require
superuser In computing, the superuser is a special user account used for system administration. Depending on the operating system (OS), the actual name of this account might be root, administrator, admin or supervisor. In some cases, the actual name of t ...
privileges to access privileged
network service In computer networking, a network service is an application running at the network application layer and above, that provides data storage, manipulation, presentation, communication or other capability which is often implemented using a client†...
s to run as a non-privileged user. authbind allows the system administrator to permit specific users and groups access to bind to
TCP TCP may refer to: Science and technology * Transformer coupled plasma * Tool Center Point, see Robot end effector Computing * Transmission Control Protocol, a fundamental Internet standard * Telephony control protocol, a Bluetooth communication s ...
and UDP ports below 1024. Ports 0 - 1023 are normally privileged and reserved for programs that are run as the root user. Allowing regular users limited access to privileged ports helps prevent possible privilege escalation and system compromise if the software happens to contain
software bug A software bug is an error, flaw or fault in the design, development, or operation of computer software that causes it to produce an incorrect or unexpected result, or to behave in unintended ways. The process of finding and correcting bugs i ...
s or is found to be
vulnerable Vulnerable may refer to: General * Vulnerability * Vulnerability (computing) * Vulnerable adult * Vulnerable species Music Albums * ''Vulnerable'' (Marvin Gaye album), 1997 * ''Vulnerable'' (Tricky album), 2003 * ''Vulnerable'' (The Used album) ...
to unknown exploits. authbind achieves this by defining the LD_PRELOAD environment variable which loads a libauthbind library. This library overrides the bind() call with a version that executes a setuid helper program (/usr/lib/authbind/helper) with the socket as file descriptor 0. The helper validates its arguments and checks its configuration, calls the real bind() system call on file descriptor 0 (which also affects the original process's socket), and exits, allowing the original process to continue with the socket bound to the requested address and port. authbind is currently distributed with the
Debian Debian (), also known as Debian GNU/Linux, is a Linux distribution composed of free and open-source software, developed by the community-supported Debian Project, which was established by Ian Murdock on August 16, 1993. The first version of D ...
and Ubuntu
Linux distribution A Linux distribution (often abbreviated as distro) is an operating system made from a software collection that includes the Linux kernel and, often, a package management system. Linux users usually obtain their operating system by downloading one ...
s.


Alternatives

* The Linux kernel's implementation of POSIX capabilities includes the CAP_NET_BIND_SERVICE which allows either explicitly enabled binaries (with "setcap CAP_NET_BIND_SERVICE+ep /path/to/binary") or binaries configured to accept the capability from the invoking user's capability set ("setcap CAP_NET_BIND_SERVICE+ei /path/to/binary") if available, making userland software unnecessary for binding to lower numeral ports. Linux capabilities, however were not introduced until the latter half of 1999, more than a year after authbind's release, and (similar to setuid/setgid) cannot be set on scripts. Both these explain why the software was initially developed.


See also

* chroot * Operating system-level virtualization * FreeBSD jail *
Sysjail sysjail is a defunct user-land virtualiser for systems supporting the systrace library - as of version 1.0 limited to OpenBSD, NetBSD and MirOS. Its original design was inspired by FreeBSD jail, a similar utility (although part of the kernel) fo ...
* Solaris Containers *
LOMAC Low Water-Mark Mandatory Access Control (LOMAC) is a Mandatory Access Control model which protects the integrity of system objects and subjects by means of an information flow policy coupled with the subject demotion via floating labels. In LOMAC ...


References

{{reflist


External links


Debian authbind packages

Ubuntu authbind packages
Free software programmed in C Cross-platform free software Linux network-related software Linux security software Unix network-related software Computer security software