authbind

From Wikipedia, the free encyclopedia
Jump to: navigation, search
authbind
Original author(s) Ian Jackson
Initial release August 29, 1998 (1998-08-29)
Stable release 2.1.1 / June 10, 2012; 2 years ago (2012-06-10)
Development status Active
Written in C
Operating system Unix-like
Platform Cross-platform[which?]
Type System utility
License GNU General Public License
Website upstream git Debian archive (official location for upstream tarballs)

authbind is an Open source system utility written by Ian Jackson and is distributed under the GNU General Public License.[1] The authbind software allows a program that would normally require superuser privileges to access privileged network services to run as a non-privileged user. authbind allows the system administrator to permit specific users and groups access to bind to TCP and UDP ports below 1024.[2] Ports 0 - 1023 are normally privileged and reserved for programs that are run as the root user. Allowing regular users limited access to privileged ports helps prevent possible privilege escalation and system compromise if the software happens to contain software bugs or is found to be vulnerable to unknown exploits.

authbind achieves this by defining the LD_PRELOAD environment variable.

authbind is currently distributed with the Debian and Ubuntu Linux distributions.[3][4]

Alternatives[edit]

  • The Linux kernel's implementation of POSIX capabilities includes the CAP_NET_BIND_SERVICE which allows either explicitly enabled binaries (with "setcap CAP_NET_BIND_SERVICE+ep /path/to/binary") or binaries configured to accept the capability from the invoking user's capability set ("setcap CAP_NET_BIND_SERVICE+ei /path/to/binary") if available, making userland software unnecessary for binding to lower numeral ports. Linux capabilities, however were not introduced until the latter half of 1999, more than a year after authbind's release, and (similar to setuid/setgid) can not be set on scripts. Both these explain why the software was initially developed.

See also[edit]

References[edit]

  1. ^ "authbind "debian" metadata directory as of 2012-06-30". Retrieved 2009-07-10. 
  2. ^ Hunger, Steve (2001-05-01). Debian GNU/Linux Bible (2nd ed.). Hoboken, New Jersey: John Wiley & Sons. p. 609. ISBN 0-7645-4710-0. 
  3. ^ "Debian authbind packages". Retrieved 2009-03-13. 
  4. ^ "Ubuntu authbind packages". Retrieved 2009-03-13. 

External links[edit]