
Slapd should give up root permission after binding the socket (ITS#98)



Full_Name: Pat lashley
Version: 1.2.0
OS: FreeBSD 3.1R
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (205.179.79.194)


Under the most common usage SLAPD has no reason to run as root except to bind to
the privileged socket.  Once that has been done, it could easily irrevocably give
up root permissions, thereby reducing the potential damage of any security exploits
in the bulk of the code.

It would be very easy to add user and group commands to the slapd.conf file to
indicate that root privileges should be surrendered and the daemon should continue
to run as the specified user and group.  The default behaviour if no user or group
is specified should be to retain root privileges.  (I.e. run as it does now.)
This provides complete backwards compatibility.

Surrendering root privileges should not affect the use of ldbm databases at all
(assuming that the underlying files are readable by the new user/group.)

On systems using shadow passwords or similar schemes, it will probably prevent
passwd back-ends from retrieving the encrypted user password from the system.
(This may be construed as a feature, depending upon the site's intended usage
of the LDAP access to the passwd database.)

It will also interfere with shell back-ends which require root privileges to
operate properly.  On the other hand, it should improve the security of those
that may run as non-privileged users.
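The bind-then-drop sequence the report asks for, as an added C example that is not OpenLDAP code: the daemon binds the privileged port while still root, then surrenders root irrevocably according to the proposed `user` and `group` slapd.conf directives, with "no directive" meaning "keep root" as the report suggests. The directive parser, the function names and the slapd.conf fragment are assumptions made for this example, and the fragment is constructed.

```c
#define _DEFAULT_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define NAME_LEN 64

/* Pull the hypothetical "user <name>" and "group <name>" directives out of a
 * slapd.conf-style buffer.  Returns how many were found; an absent directive
 * leaves its buffer empty, which drop_privileges() treats as "retain root". */
int parse_privilege_directives(const char *conf, char *user, size_t ulen,
                               char *group, size_t glen)
{
    int found = 0;
    user[0] = group[0] = '\0';
    for (const char *line = conf; line && *line; ) {
        const char *end = strchr(line, '\n');
        size_t len = end ? (size_t)(end - line) : strlen(line);
        char buf[256], key[32], val[NAME_LEN];
        if (len >= sizeof buf) len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';
        if (buf[0] != '#' && sscanf(buf, "%31s %63s", key, val) == 2) {
            if (strcmp(key, "user") == 0)  { snprintf(user, ulen, "%s", val);  found++; }
            if (strcmp(key, "group") == 0) { snprintf(group, glen, "%s", val); found++; }
        }
        line = end ? end + 1 : NULL;
    }
    return found;
}

/* Bind and listen on a TCP port while we still hold root (389 needs it).
 * Returns the listening fd, or -1 with errno set. */
int open_listener(uint16_t port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0), one = 1;
    struct sockaddr_in sa;
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        int saved = errno; close(fd); errno = saved; return -1;
    }
    return fd;
}

/* Irrevocably give up root.  NULL/empty user and group mean "keep running
 * as we are", the backwards-compatible default the report asks for.
 * Returns 0 on success, -1 on failure; the caller must then exit rather
 * than carry on as root by accident. */
int drop_privileges(const char *user, const char *group)
{
    int have_user = user && user[0], have_group = group && group[0];
    uid_t uid = getuid();
    gid_t gid = getgid();
    if (!have_user && !have_group) return 0;
    if (have_user) {
        struct passwd *pw = getpwnam(user);
        if (!pw) { errno = ENOENT; return -1; }
        uid = pw->pw_uid;
        gid = pw->pw_gid;           /* default group: the user's primary group */
    }
    if (have_group) {
        struct group *gr = getgrnam(group);
        if (!gr) { errno = ENOENT; return -1; }
        gid = gr->gr_gid;
    }
    /* Order matters: supplementary groups and gid need root, so they go
     * first; setuid() last.  Called as root, setuid() sets the real,
     * effective and saved uid together, so root cannot be regained. */
    if (geteuid() == 0 && setgroups(1, &gid) < 0) return -1;
    if (setgid(gid) < 0) return -1;
    if (setuid(uid) < 0) return -1;
    /* Prove the drop is irrevocable: regaining root must now fail. */
    if (uid != 0 && (geteuid() != uid || setuid(0) == 0)) { errno = EPERM; return -1; }
    return 0;
}

int main(void)
{
    /* Constructed slapd.conf fragment, not from the original report. */
    const char *conf = "# slapd.conf\ninclude /etc/openldap/slapd.at.conf\n"
                       "user ldap\ngroup ldap\n";
    char user[NAME_LEN], group[NAME_LEN];
    int fd;
    parse_privilege_directives(conf, user, sizeof user, group, sizeof group);
    fd = open_listener(389);                     /* step 1: bind while root */
    if (fd < 0) { perror("bind port 389"); return 1; }
    if (drop_privileges(user, group) < 0) {      /* step 2: drop root for good */
        perror("drop_privileges"); return 1;
    }
    printf("listening on fd %d as uid %d gid %d\n", fd, (int)geteuid(), (int)getegid());
    close(fd);
    return 0;
}
```

The listening descriptor survives the drop because it was opened first, which is the whole point of the ordering. Anything slapd opens after the drop (ldbm files, a shadow passwd file, a shell back-end's helper) is subject to the new user's permissions, which is exactly the trade-off the report describes.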