Unix Programming - Re: Subject: Server can't write to the TCP socket it has created NN


Author Re: Subject: Server can't write to the TCP socket it has created NN
Sunny Suen

2004-04-20, 6:35 pm

Fletcher Glenn <fletcher@removethisfoglight.com> wrote in message news:<4085486D.3030304@removethisfoglight.com>...
> Sunny Suen wrote:
>
> Why would you ever write to a listen socket? Who would be the receiver
> of the message? When you do an accept(), you get a communications
> endpoint that is connected to another program. A bound listen socket
> is connected to no one.


It is the socket returned by accept() that the server is not permitted
to write to. Should have elaborated a bit more. What I mean is that
the server can create, bind and listen on a long-standing socket, from
which a new one is accepted and readable but not write-able whenever a
connection request is issued from a client. Hence, it's a standard
TCP/IP server process.

Another point I've forgotten to mention is that an Apache web server
is being smoothly run as a non-root user on the system. So naturally,
the web server socket is write-able for this web server user account.

Looks like a kernel-level access control framework is in force
somewhere and somehow to harden the box. As a FreeBSD newbie, just
found that version 5.0/higher is capable of similar features, known
collectively as Mandatory Access Control (MAC). But the system in
question is FreeBSD 4.6, where MAC is absent.

Might as well settle on the guess that the kernel, or system calls, to
be exact, could have been patched by some customised hacks to deny the
write permission of any TCP socket to all non-root users except some
special accounts, regardless of the sockets' ownership.

Appreciate any suggestions or comments.
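
A loopback probe for the symptom described in the post above, added here as an example and not code from the thread: it binds, listens, connects to itself, accepts, then writes on the accepted socket and reports which call failed and with what errno. The name probe_accepted_write and the "ping" payload are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
/* Hypothetical helper (not from the thread): returns 0 if the accepted socket
 * is writable, else the errno of the first failing call, named in *step. */
int probe_accepted_write(const char **step)
{
    struct sockaddr_in addr = {0};
    socklen_t len = sizeof(addr);
    int lfd = -1, cfd = -1, afd = -1, err = 0;
    char buf[8];
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: kernel picks one */
    errno = 0;
    *step = "socket";
    if ((lfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) goto fail;
    *step = "bind/listen";
    if (bind(lfd, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        listen(lfd, 1) < 0 ||
        getsockname(lfd, (struct sockaddr *)&addr, &len) < 0) goto fail;
    *step = "connect";
    if ((cfd = socket(AF_INET, SOCK_STREAM, 0)) < 0 ||
        connect(cfd, (struct sockaddr *)&addr, sizeof(addr)) < 0) goto fail;
    *step = "accept";
    if ((afd = accept(lfd, NULL, NULL)) < 0) goto fail;
    *step = "write";   /* the call the post reports as denied */
    if (write(afd, "ping", 4) != 4) goto fail;
    *step = "read";    /* confirm the bytes reached the client end */
    if (read(cfd, buf, sizeof(buf)) != 4) goto fail;
    *step = "ok";
    goto done;
fail:
    err = errno ? errno : EIO;   /* short transfer that left errno unset */
done:
    if (afd >= 0) close(afd);
    if (cfd >= 0) close(cfd);
    if (lfd >= 0) close(lfd);
    return err;
}

int main(void)
{
    const char *step;
    int err = probe_accepted_write(&step);
    printf("step=%s errno=%d (%s)\n", step, err, err ? strerror(err) : "none");
    return err != 0;
}
```

Running it once as root and once as the affected account separates the cases: EACCES or EPERM at the write step only for the non-root account would be consistent with a policy denial, while EPIPE or ECONNRESET points at the peer having closed the connection.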

Copyright 2003 - 2008 webservertalk.com