Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » DSDP - Target Management » Using privileged ports for RSE
Using privileged ports for RSE [message #36693] Wed, 01 July 2009 11:47 Go to next message
Denise Schmidt is currently offline Denise SchmidtFriend
Messages: 66
Registered: July 2009
Member
Is there a limitation on using privileged ports (<1024) for the
serverPortRange for RSE? We can use a privileged port for the daemon port
but when we tried using privileged ports for the serverPortRange, it looks
like it answers the connection request, but the connection fails.

We are attempting this in an effort to make the connections more secure so
if there is some limitation, we are interested in how we could remove the
limitation.

Thanks.
Re: Using privileged ports for RSE [message #36897 is a reply to message #36693] Thu, 02 July 2009 15:06 Go to previous messageGo to next message
David McKnight is currently offline David McKnightFriend
Messages: 244
Registered: July 2009
Senior Member
Hi Denise,

The RSE dstore server doesn't distinguish between privileged and
non-privileged ports so I'm not sure what's causing the connection to fail
in this case.

Dave


"Denise Schmidt" <denise.schmidt@lmco.com> wrote in message
news:54182907978dce56be59393be8a5b7bb$1@www.eclipse.org...
> Is there a limitation on using privileged ports (<1024) for the
> serverPortRange for RSE? We can use a privileged port for the daemon port
> but when we tried using privileged ports for the serverPortRange, it looks
> like it answers the connection request, but the connection fails.
>
> We are attempting this in an effort to make the connections more secure so
> if there is some limitation, we are interested in how we could remove the
> limitation.
>
> Thanks.
>
Re: Using privileged ports for RSE [message #36930 is a reply to message #36897] Thu, 02 July 2009 16:04 Go to previous messageGo to next message
Denise Schmidt is currently offline Denise SchmidtFriend
Messages: 66
Registered: July 2009
Member
In order to bind a socket to a privileged port, the process must be
running as root. So I think it must be failing because the server process
is running as the client user ID (auth.pl does an "su" to the client user
ID to spawn the server). I assume that the server runs as the client user
ID for a reason (exporting the client environment, client permissions,
etc).

So my next question would be is there a way that the server could maybe
start executing as root to bind the socket and make the connection, then
switch to the client user ID to get the proper environment and do the
remaining "real" work? Could that work or would there still be problems
sending data over the port?
Re: Using privileged ports for RSE [message #36964 is a reply to message #36930] Thu, 02 July 2009 18:23 Go to previous message
David McKnight is currently offline David McKnightFriend
Messages: 244
Registered: July 2009
Senior Member
"Denise Schmidt" <denise.schmidt@lmco.com> wrote in message
news:863819bfe4506ac862880afe40272127$1@www.eclipse.org...
> In order to bind a socket to a privileged port, the process must be
> running as root. So I think it must be failing because the server process
> is running as the client user ID (auth.pl does an "su" to the client user
> ID to spawn the server). I assume that the server runs as the client user
> ID for a reason (exporting the client environment, client permissions,
> etc).

That would explain it then. The daemon needs to be run as root but the
servers that gets started as run as the client user.

> So my next question would be is there a way that the server could maybe
> start executing as root to bind the socket and make the connection, then
> switch to the client user ID to get the proper environment and do the
> remaining "real" work? Could that work or would there still be problems
> sending data over the port?
>

At the moment there is no ability to for the server to start executing as
root and then switch to the client user.
Re: Using privileged ports for RSE [message #581650 is a reply to message #36693] Thu, 02 July 2009 15:06 Go to previous message
David McKnight is currently offline David McKnightFriend
Messages: 244
Registered: July 2009
Senior Member
Hi Denise,

The RSE dstore server doesn't distinguish between privileged and
non-privileged ports so I'm not sure what's causing the connection to fail
in this case.

Dave


"Denise Schmidt" <denise.schmidt@lmco.com> wrote in message
news:54182907978dce56be59393be8a5b7bb$1@www.eclipse.org...
> Is there a limitation on using privileged ports (<1024) for the
> serverPortRange for RSE? We can use a privileged port for the daemon port
> but when we tried using privileged ports for the serverPortRange, it looks
> like it answers the connection request, but the connection fails.
>
> We are attempting this in an effort to make the connections more secure so
> if there is some limitation, we are interested in how we could remove the
> limitation.
>
> Thanks.
>
Re: Using privileged ports for RSE [message #581662 is a reply to message #36897] Thu, 02 July 2009 16:04 Go to previous message
Denise Schmidt is currently offline Denise SchmidtFriend
Messages: 66
Registered: July 2009
Member
In order to bind a socket to a privileged port, the process must be
running as root. So I think it must be failing because the server process
is running as the client user ID (auth.pl does an "su" to the client user
ID to spawn the server). I assume that the server runs as the client user
ID for a reason (exporting the client environment, client permissions,
etc).

So my next question would be is there a way that the server could maybe
start executing as root to bind the socket and make the connection, then
switch to the client user ID to get the proper environment and do the
remaining "real" work? Could that work or would there still be problems
sending data over the port?
Re: Using privileged ports for RSE [message #581678 is a reply to message #36930] Thu, 02 July 2009 18:23 Go to previous message
David McKnight is currently offline David McKnightFriend
Messages: 244
Registered: July 2009
Senior Member
"Denise Schmidt" <denise.schmidt@lmco.com> wrote in message
news:863819bfe4506ac862880afe40272127$1@www.eclipse.org...
> In order to bind a socket to a privileged port, the process must be
> running as root. So I think it must be failing because the server process
> is running as the client user ID (auth.pl does an "su" to the client user
> ID to spawn the server). I assume that the server runs as the client user
> ID for a reason (exporting the client environment, client permissions,
> etc).

That would explain it then. The daemon needs to be run as root but the
servers that gets started as run as the client user.

> So my next question would be is there a way that the server could maybe
> start executing as root to bind the socket and make the connection, then
> switch to the client user ID to get the proper environment and do the
> remaining "real" work? Could that work or would there still be problems
> sending data over the port?
>

At the moment there is no ability to for the server to start executing as
root and then switch to the client user.
Previous Topic:hidden files do not show on remote server
Next Topic:Cygwin Support?
Goto Forum:
  


Current Time: Thu Mar 28 17:45:49 GMT 2024

Powered by FUDForum. Page generated in 0.04617 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top