[erlang-questions] Privileged ports and effective UID

Raimo Niskanen raimo+erlang-questions@REDACTED
Wed Oct 29 09:17:28 CET 2008


On Thu, Oct 23, 2008 at 07:35:01PM -0000, Kevin wrote:
> 
> 
> Hello, I can't find an answer to this anywhere.  In Erlang how does one deal with the problem of starting Erlang as root, binding to a privileged port, and then changing the effective user id to something other than root.
> 
> In a daemon process written in C or even Perl, a process is started by an init script, which is run as root, it then binds to port 25, 80, etc., and then it sets its effective UID and effective GID to something more harmless, like httpd/httpd.
> 
> I know you can start the whole thing like su httpd -c erl, but this doesn't allow for binding to a privileged port first.
> 
> And please don't tell me to use open_port() or write a linked in driver :-)
> 
> Thanks

There is an old example program in the erlang release:
	erts/etc/unix/setuid_socket_wrap.c 
I do not know how well it is working, but it can (could) be
used to open privileged ports and give them to a program,
e.g. erl, as open file descriptors. These open file
descriptors can then be given to e.g. gen_tcp.

Might be worth having a look at.


-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB


