“Authbind”的意思、由来-开放百科全书

词条

Authbind

释义

Alternatives
See also
References
External links

{{Orphan|date=October 2011}}{{Lowercase}}{{Infobox Software
|name = authbind
|logo =
|screenshot =
|caption =
|collapsible =
|author = Ian Jackson
|developer =
|released = {{Start date and age|1998|08|29}}
|latest release version = 2.1.2
|latest release date = {{Start date and age|2017|01|22}}
|latest preview version =
|latest preview date =
|programming language = C
|operating system = Unix-like
|platform = Cross-platform{{which|date=August 2013}}
|size =
|language =
|genre = System utility
|license = GNU General Public License
|website = {{URL|www.chiark.greenend.org.uk/ucgi/~ian/git/authbind.git/|upstream git}}
{{URL|ftp.debian.org/debian/pool/main/a/authbind/|Debian archive (official location for upstream tarballs)}}
}}

authbind is an Open-source system utility written by Ian Jackson and is distributed under the GNU General Public License.^[1] The authbind software allows a program that would normally require superuser privileges to access privileged network services to run as a non-privileged user. authbind allows the system administrator to permit specific users and groups access to bind to TCP and UDP ports below 1024.^[2] Ports 0 - 1023 are normally privileged and reserved for programs that are run as the root user. Allowing regular users limited access to privileged ports helps prevent possible privilege escalation and system compromise if the software happens to contain software bugs or is found to be vulnerable to unknown exploits.

authbind achieves this by defining the LD_PRELOAD environment variable which loads a libauthbind library. This library overrides the bind() call with a version that executes a setuid helper program (/usr/lib/authbind/helper) with the socket as file descriptor 0. The helper validates its arguments and checks its configuration, calls the real bind() system call on file descriptor 0 (which also affects the original process's socket), and exits, allowing the original process to continue with the socket bound to the requested address and port.

authbind is currently distributed with the Debian and Ubuntu Linux distributions.^[3]^[4]

Alternatives

The Linux kernel's implementation of POSIX capabilities includes the CAP_NET_BIND_SERVICE which allows either explicitly enabled binaries (with "setcap CAP_NET_BIND_SERVICE+ep /path/to/binary") or binaries configured to accept the capability from the invoking user's capability set ("setcap CAP_NET_BIND_SERVICE+ei /path/to/binary") if available, making userland software unnecessary for binding to lower numeral ports. Linux capabilities, however were not introduced until the latter half of 1999, more than a year after authbind's release, and (similar to setuid/setgid) can not be set on scripts. Both these explain why the software was initially developed.

References

1. ^{{cite web| url = http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=authbind.git;a=tree;f=debian;h=1ca4c03904b17555e5819ffbda6b969c27f8f48f;hb=HEAD| title = authbind "debian" metadata directory as of 2012-06-30| accessdate = 2009-07-10}}
2. ^{{cite book| last = Hunger| first = Steve| authorlink = | title = Debian GNU/Linux Bible| edition = 2nd| date = 2001-05-01| publisher = John Wiley & Sons| location = Hoboken, New Jersey| isbn = 0-7645-4710-0| page = 609| chapter = }}
3. ^{{cite web| url = http://packages.debian.org/search?keywords=authbind&searchon=names&suite=all§ion=all| title = Debian authbind packages| accessdate = 2009-03-13}}
4. ^{{cite web| url = http://packages.ubuntu.com/search?keywords=authbind&searchon=names&suite=all§ion=all| title = Ubuntu authbind packages| accessdate = 2009-03-13}}

External links

Debian authbind packages
Ubuntu authbind packages

随便看

开放百科全书收录14589846条英语、德语、日语等多语种百科知识，基本涵盖了大多数领域的百科知识，是一部内容自由、开放的电子版国际百科全书。

Alternatives

See also

References

External links