Authbind

authbind is an open-source system utility written by Ian Jackson and distributed under the GNU General Public License. It allows a program that would normally require superuser privileges to bind to a privileged network port to run as a non-privileged user. Specifically, authbind lets the system administrator permit particular users and groups to bind to TCP and UDP ports below 1024. Ports 0 to 1023 are normally privileged and reserved for programs that run as the root user. Granting a regular user narrowly scoped access to a privileged port means the network daemon itself never has to run as root, so a bug or a not-yet-known vulnerability in the daemon yields only an unprivileged compromise rather than immediate privilege escalation and full system compromise.

authbind achieves this by setting the LD_PRELOAD environment variable so that the dynamic linker loads a libauthbind library into the program. This library overrides the bind() call with a version that, for a privileged port, executes a setuid-root helper program (/usr/lib/authbind/helper) with the socket as file descriptor 0. The helper validates its arguments and checks its configuration under /etc/authbind (for example, a file /etc/authbind/byport/80 that the user is permitted to execute allows that user to bind port 80), calls the real bind() system call on file descriptor 0, and exits with a status that the library turns back into bind()'s return value. Because a file descriptor inherited across fork() and exec() refers to the same underlying socket, the bind performed in the helper also applies to the original process's socket, and the original process continues with the socket bound to the requested address and port. Only the small helper ever runs with privilege; the program itself does not. Two limits follow from the design: the dynamic linker does not honour LD_PRELOAD for setuid or setgid executables (other than libraries in trusted system directories), and LD_PRELOAD has no effect on statically linked programs, so authbind cannot wrap either kind of program.

authbind is currently distributed with the Debian and Ubuntu Linux distributions.
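
The delegated-bind trick described above, as an added example that is not authbind's own code: a socket created by an unprivileged parent is handed to a child as file descriptor 0, the child calls bind() on it and exits, and the parent then reads the bound address back from its own descriptor. To stay runnable without root, the example uses a fork()ed copy of itself in place of authbind's setuid /usr/lib/authbind/helper and binds a port the caller is allowed to use (0 lets the kernel choose), so the /etc/authbind permission check is not exercised. The names helper_main, bind_via_helper, bound_port and demo are this example's own.

```c
#define _POSIX_C_SOURCE 200809L
/* Added example, not authbind's own code. Shows why binding a socket inside
 * a helper process works: fork() and exec() pass file descriptors that
 * refer to the same open file description, so a bind() done on fd 0 in the
 * child is visible on the parent's descriptor. Assumptions: Linux/glibc,
 * runs without root, so the "helper" is a forked copy of this program (the
 * real authbind exec()s the setuid /usr/lib/authbind/helper) and the port
 * is one the caller may bind (0 = kernel-chosen ephemeral port). */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* The range authbind gates: 0-1023. On Linux since 4.11 the boundary is the
 * sysctl net.ipv4.ip_unprivileged_port_start, which defaults to 1024. */
int port_is_privileged(unsigned port) { return port < 1024; }

/* Helper side: authbind's helper, after validating the request against
 * /etc/authbind, does exactly this on the socket it received as fd 0. */
static int helper_main(uint16_t port)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(port);
    return bind(0, (struct sockaddr *)&sa, sizeof sa) == 0 ? 0 : 1;
}

/* Library side: libauthbind's bind() override hands the socket to the
 * helper as fd 0 and waits for its exit status. Returns 0 or -1. */
int bind_via_helper(int sock, uint16_t port)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* Make the socket fd 0 for the helper; real authbind exec()s here. */
        if (sock != 0 && dup2(sock, 0) < 0) _exit(1);
        _exit(helper_main(port));
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* Parent side check: the local port the kernel now reports for sock,
 * 0 if the socket is unbound or on error. */
uint16_t bound_port(int sock)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    if (getsockname(sock, (struct sockaddr *)&sa, &len) < 0) return 0;
    return ntohs(sa.sin_port);
}

/* End to end: create a socket, let the child bind it, return the port the
 * parent's descriptor is bound to (0 on failure). */
uint16_t demo(uint16_t port)
{
    int sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0) return 0;
    uint16_t got = bind_via_helper(sock, port) == 0 ? bound_port(sock) : 0;
    close(sock);
    return got;
}

int main(void)
{
    uint16_t p = demo(0);
    if (p) printf("parent's socket is bound to 127.0.0.1:%u by the child\n", p);
    else fputs("delegated bind failed\n", stderr);
    return p ? 0 : 1;
}
```

The parent never calls bind() itself, yet getsockname() on its descriptor reports the address the child chose; that shared state is what lets authbind keep the privileged step inside a separate, minimal executable while the daemon stays unprivileged.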


Alternatives

* The Linux kernel's implementation of POSIX capabilities includes CAP_NET_BIND_SERVICE, which grants the right to bind to privileged ports without the rest of root's authority. It can be attached to a specific executable as a file capability (setcap cap_net_bind_service+ep /path/to/binary), or the executable can be marked to accept the capability from the invoking process's inheritable set (setcap cap_net_bind_service+ei /path/to/binary), making userland software unnecessary for binding to low-numbered ports. Capabilities, however, were not added to Linux until 1999 (kernel 2.2), after authbind's first release, and file capabilities, which setcap writes, only arrived with Linux 2.6.24 in 2008. Like setuid/setgid bits, file capabilities cannot be applied to scripts: the kernel honours the interpreter binary's file capabilities, not the script's, so granting them there would hand the capability to every script that interpreter runs. Both points explain why authbind was developed and why it remains useful for programs started through an interpreter.
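
A check a practitioner wants once a binary has been given the capability: does the running process actually hold CAP_NET_BIND_SERVICE after exec? The following is an added example, not code from authbind or libcap. It reads the CapEff line of /proc/self/status (a hexadecimal bitmask; CAP_NET_BIND_SERVICE is capability number 10, as in <linux/capability.h>) instead of depending on libcap, so it also serves as a parser for that status-file format. The function names are this example's own.

```c
/* Added example, not authbind's or libcap's code. Checks whether the calling
 * process holds CAP_NET_BIND_SERVICE by parsing the CapEff bitmask from
 * /proc/self/status; useful after setcap to confirm the capability survived
 * exec (for a script, the kernel applies the interpreter's file capabilities,
 * not the script's). Assumptions: Linux with procfs mounted; capability
 * number 10 is CAP_NET_BIND_SERVICE as in <linux/capability.h>, defined here
 * to avoid the header dependency. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef CAP_NET_BIND_SERVICE
#define CAP_NET_BIND_SERVICE 10
#endif

/* Parses a "CapXxx:<whitespace><hex>" line from /proc/<pid>/status.
 * Returns 1 and stores the mask, or 0 if the line is not of that shape. */
int parse_cap_line(const char *line, uint64_t *mask)
{
    const char *colon = strchr(line, ':');
    if (!colon) return 0;
    const char *p = colon + 1;
    while (*p == ' ' || *p == '\t') p++;
    char *end;
    errno = 0;
    unsigned long long v = strtoull(p, &end, 16);
    if (end == p || errno != 0) return 0;
    /* Only trailing whitespace may follow the mask. */
    while (*end == ' ' || *end == '\t' || *end == '\n' || *end == '\r') end++;
    if (*end != '\0') return 0;
    *mask = (uint64_t)v;
    return 1;
}

/* Bit test: is capability number cap set in mask? */
int cap_in_mask(uint64_t mask, int cap)
{
    return cap >= 0 && cap < 64 && ((mask >> cap) & 1) != 0;
}

/* Convenience for one status line: 1 = set, 0 = clear, -1 = unparsable. */
int line_has_cap(const char *line, int cap)
{
    uint64_t mask;
    if (!parse_cap_line(line, &mask)) return -1;
    return cap_in_mask(mask, cap);
}

/* Reads the effective set of the calling process: 0 on success, -1 if
 * /proc/self/status is unavailable or has no usable CapEff line. */
int read_effective_caps(uint64_t *mask)
{
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    char line[256];
    int rc = -1;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "CapEff:", 7) == 0) {
            rc = parse_cap_line(line, mask) ? 0 : -1;
            break;
        }
    }
    fclose(f);
    return rc;
}

/* 1 if this process may bind ports below 1024 through the capability,
 * 0 if not, -1 if the check could not be made. */
int have_net_bind_service(void)
{
    uint64_t mask;
    if (read_effective_caps(&mask) < 0) return -1;
    return cap_in_mask(mask, CAP_NET_BIND_SERVICE);
}

int main(void)
{
    int r = have_net_bind_service();
    if (r < 0) { perror("/proc/self/status"); return 2; }
    printf("CAP_NET_BIND_SERVICE in effective set: %s\n", r ? "yes" : "no");
    return 0;
}
```

Running the compiled binary plainly should print "no" for an ordinary user and "yes" after setcap cap_net_bind_service+ep on it; the same program started through a shell script wrapper still reports "no", which is the limitation the paragraph above describes.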


See also

* chroot
* Operating system-level virtualization
* FreeBSD jail
* Sysjail
* Solaris Containers
* LOMAC


External links


Debian authbind packages

Ubuntu authbind packages