Re: [Gnump3d-users] Is port 80 a security issue when root?

[David Campbell]

address@hidden wrote:
> > From: Benjamin Peter <address@hidden>
> > Date: 2008/02/12 Tue AM 10:50:00 CST
> > Cc: address@hidden
> > Subject: Re: [Gnump3d-users] Is port 80 a security issue when root?
>
> > Hi,
> >
> > address@hidden wrote:
> > > I want to run my gnump3d server on the typical port 80 so that my users don't 
> > > need to type in ports and some firewalls don't block access to my server.  I've 
> > > been running it in Slackware Linux for about 2 years now.  I changed 
> > > /etc/gnump3d/gnump3d.conf so that port is 80 but saw the comment in there that 
> > > the user has to be root to run on port 80.  Why?  Is running the server as root 
> > > with a command line only interface and iptables firewall a security issue?
> > this is a Linux restriction, only privileged users may open incoming
> > ports from 1 to 1024.
> >
> > A work around from an implementation point of view would be to open the
> > port as root and then fork to an unprivileged user to serve the clients.
> >
> >
> > Ben.
>
> I see the rationale...so how does root open a port for other users?  After this 
> is done, would I just use gnump3d.conf set up with user nobody on port 80?


/sbin/iptables -t nat -A PREROUTING -i eth+ -p tcp --dport 80 -j 
REDIRECT --to-port 8080

Much much easier

Dave