privatecollaborator icon indicating copy to clipboard operation
privatecollaborator copied to clipboard

Published 20 hours ago verified publisher icon putsi

Make collaborator use less-privileged user

Open putsi opened this issue 6 years ago • 2 comments
trafficstars

Even though the instance is assumed to be a burner, make it use something less-privileged than the root-user.

putsi avatar May 25 '19 11:05 putsi

This requires the use of high-ports and related iptables rules.

The only way I found is by using something like:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 50080

Is there any other effective way?

Merenon avatar Sep 10 '19 08:09 Merenon

There are some other ways such as using authbind and CAP_NET_BIND_SERVICE (https://superuser.com/questions/710253/allow-non-root-process-to-bind-to-port-80-and-443) but I'm not sure if these are better in any way.

putsi avatar Sep 11 '19 18:09 putsi