I have this up and running using Ubuntu Lucid as the server side.
It seems the Java server won't run properly unless it's started with sudo. If sudo is not used then I get:
DNS Serve /0.0.0.0:53: java.net.BindException: Permission denied
Is there another way? If not, then how secure is this, seeing as to be useful it'll have to run constantly?
D
Port permissions
The bottom 1024 ports are protected in pretty much all versions of Unix.
As far as security goes, it is very difficult to hijack any interpreted program that isn't making system calls / using a database / writing or reading files / instantiating reflected classes. Your JVM would have to have a huge security vulnerability at pretty much the network layer.
That being said, there is usually a way to allow an arbitrary user to open a low port. It sounds like you might be using Debian or Ubuntu; I believe that is probably the 'authbind' utility.
Alternatively, I'm working on polishing up a submitted patch that allows you to run the daemon with inetd, which seems to bypass the security issue (I'm still investigating it).
- Tim
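
Added example, not part of the original thread or the project's own code: one way to set up the authbind approach mentioned above so the Java server can bind port 53 as an unprivileged user. The function names, the `AUTHBIND_DIR` override and the jar path are assumptions made for illustration.

```shell
#!/bin/sh
# authbind lets a user bind a low port when that user has execute
# permission on /etc/authbind/byport/<port>.
# AUTHBIND_DIR is an assumption of this example: it defaults to the real
# location but can point at a scratch directory to try the functions out.
AUTHBIND_DIR="${AUTHBIND_DIR:-/etc/authbind}"

# grant_low_port PORT USER
# Create the byport rule and make it executable by USER only.
# On the real /etc/authbind this must be run as root (once, at install time).
grant_low_port() {
    port=$1
    user=$2
    rule="$AUTHBIND_DIR/byport/$port"
    mkdir -p "$AUTHBIND_DIR/byport" || return 1
    touch "$rule" || return 1
    chown "$user" "$rule" || return 1
    chmod 500 "$rule"
}

# can_bind_low_port PORT
# Succeeds if the calling user holds execute permission on the rule file,
# which is the condition authbind checks before allowing the bind.
can_bind_low_port() {
    [ -x "$AUTHBIND_DIR/byport/$1" ]
}

# server_command JAR
# Print the launch line for the unprivileged service account.
# --deep extends authbind to processes the launcher starts; older authbind
# releases only handle IPv4 binds, so the JVM is told to use the IPv4 stack.
server_command() {
    printf 'authbind --deep java -Djava.net.preferIPv4Stack=true -jar %s\n' "$1"
}
```

With the rule in place, only the named account can open port 53, and the JVM itself never runs as root.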