On 13/04/06, Ajitabh Pandey <[EMAIL PROTECTED]> wrote:
> True. The program normally works like
>
> (a.) Listen for connections on a certain port
> (b.) Connection comes in, accepts and then forks a new
> process
> (c.) Continues to listen for connections.
>
> Isn't this a daemon? These are all Perl scripts.

Nope, that doesn't make a program a daemon. As usual, Wikipedia has a
good article on daemons:

http://en.wikipedia.org/wiki/Daemon_%28computer_software%29

What you describe is a listener (term I borrowed from Oracle). Most
listeners are daemons too (but would have configuration options to
disable that - check the -X option to apache, for example), but daemons
needn't be listeners (crond, which is a poller rather than a
listener).

To your problem, one way would be to LD_PRELOAD a custom library that
would disable access to the listen()/accept() system calls for
non-root users. I was looking at Linux capabilities, but didn't find
anything that could specifically disable those two system calls.

Another way would be to use iptables to block all ports that you don't
need. What use is a listener if you cannot access it over the TCP/IP
stack?

Binand
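
The LD_PRELOAD idea from the message above, as an added example that is
not code from the thread: a shim that makes listen() and accept() fail
with EACCES for non-root callers. The file name, install path, server.pl
and the listener_allowed() helper are assumptions made for illustration.

```c
/* nolisten.c (hypothetical name): added example, not code from the thread.
 * Build: gcc -shared -fPIC -o nolisten.so nolisten.c
 * Use:   LD_PRELOAD=/usr/local/lib/nolisten.so perl server.pl
 *        (install path and server.pl are placeholders)
 */
#define _DEFAULT_SOURCE 1   /* exposes the syscall() prototype */
#include <errno.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Policy from the message: only root may create or service a listener. */
int listener_allowed(uid_t euid)
{
    return euid == 0;
}

/* Interposed listen(): the dynamic linker resolves the symbol to this
 * definition before it looks in libc. */
int listen(int fd, int backlog)
{
    if (!listener_allowed(geteuid())) {
        errno = EACCES;
        return -1;
    }
    /* Forward with a raw system call, so no dlsym(RTLD_NEXT) lookup is needed. */
    return (int)syscall(SYS_listen, fd, backlog);
}

/* Interposed accept(): also covers a listening socket that a non-root
 * process inherited from its parent. */
int accept(int fd, struct sockaddr *addr, socklen_t *len)
{
    if (!listener_allowed(geteuid())) {
        errno = EACCES;
        return -1;
    }
    /* accept(fd, addr, len) is accept4() with flags set to 0. */
    return (int)syscall(SYS_accept4, fd, addr, len, 0);
}
```

This only constrains dynamically linked programs that keep the variable
set: the loader ignores LD_PRELOAD for setuid binaries, and a program that
issues the system call directly never reaches the shim.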


_______________________________________________
linux-india-help mailing list
https://lists.sourceforge.net/lists/listinfo/linux-india-help
