LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)
-   -   port (https://www.linuxquestions.org/questions/linux-general-1/port-4175657539/)

lelunicu 07-17-2019 05:06 AM
port
 
hi,
let`s say an application listen on port 50 and run with root user.
If somebody external has access to the socket on which this application is bond how this hacker will receive root access?
tnx

pan64 07-17-2019 06:20 AM
that depends on the app, nothing else. So we cannot tell you.

wpeckham 07-17-2019 06:44 AM
Quote:
Originally Posted by lelunicu (Post 6015788)
hi,
let`s say an application listen on port 50 and run with root user.
If somebody external has access to the socket on which this application is bond how this hacker will receive root access?
tnx
#1, well behaved, secure application may be started by root but run with restricted authority.
#2, your question is so very general, the port is irrelevant. IT is listening on a port is enough.
#3, the way someone would aquire root access depends entirely upon the application. If it intenionally or through a flaw in the design or code allows either direct access, indirect access, or execution of a flawed read that can be used (as one example)to execute external code using a buffer or block overflow condition, then it might be used either for access or for forcing a denial of service condition. It is not that the application is listening, it is what it DOES when it is listening and connections are used. The application behavior is the vulnerability.

Applications that listen for network connections are secured by reducing authority (see #1 above), reducing network exposure (only allowing connections from known safe nodes or networks), and secure coding of the application so that it does not constitute a vulnerability. Recently a new option has been added: run the application in a container so that it has no access to the host. This is the "ok, I know I have flaws, so leave the door unlocked and let anyone break into this jail cell and join me" option. The risk is that access to the container MAY be used to advance other attacks or with a container flaw to escalate to the host.

[edit] is this homework? Because it just struck me that this is the kind of basic question that miht be asked in "security 101, preperation for the program" on day 2.

dugan 07-17-2019 01:54 PM
Quote:
Originally Posted by lelunicu (Post 6015788)
hi,
let`s say an application listen on port 50 and run with root user.
If somebody external has access to the socket on which this application is bond
It is not possible for an external user to have access to that socket.

This is the correct answer. You see that "Thread Tools" dropdown? There's an option to mark the thread as "solved". Choose it.

lelunicu 07-18-2019 02:50 AM
i will chose the option -solved-but not because you written it.this is only that i like to chose it-no answer is right.

dugan 07-18-2019 11:14 AM
Quote:
Originally Posted by lelunicu (Post 6016124)
i will chose the option -solved-but not because you written it.this is only that i like to chose it-no answer is right.
Nonsense. I gave you the correct answer.

If you do not understand that, then think about it until you do.

wpeckham 07-19-2019 05:39 AM
Quote:
Originally Posted by dugan (Post 6015950)
It is not possible for an external user to have access to that socket.

This is the correct answer. You see that "Thread Tools" dropdown? There's an option to mark the thread as "solved". Choose it.
Actually, it would be quite easy for me to give an external user access to that socket. IF I could, then someone else could. What exactly are you thinking about when you say that "It is not possible..."?

dugan 07-19-2019 07:46 AM
I forgot that open sockets showed up in /proc.

Sorry


All times are GMT -5. The time now is 05:04 PM.