Ensure that the root user is running the client program that tries to connect to the server program
I have a server program which listens on a particular port.
I have a requirement where the client program that tries to connect to my server must be initiated by a root user.
How do I ensure this in the server program?
Comments (2)
You can't. If your security model requires the server to know whether the client is root, you don't have security.
Let's consider one possibility: your network protocol includes a notification like this:
Your client, the perfectly secure version that you wrote, might implement this notification like this:
But, my client, the one that I wrote without your knowledge or consent, will implement the notification like this:
Pop quiz: how can your server know whether it is talking to your truthful client, or my lying client? Answer: it can't. In fact, if you generalize this concept, you realize that the server can't rely upon the validity (whether that means the truthfulness, the format, the range-checking, etc.) of anything the client says.
In this specific case, using the client's source port number is as unreliable as any other choice. Yes, many operating systems require root privileges to bind to low-numbered source ports. But my PC might not be running your favorite operating system. I might be connecting from my own PC running my own OS which doesn't have that feature. Remember: you can't trust anything the client says.
There are techniques involving public-key encryption that can be used to guarantee that the program you are talking to has access to specific secrets. That, assuming that the secrets are adequately protected, can be used to guarantee that a specific person, computer, or account generated the request. I'll let someone else discuss PKI and how it might apply to your situation.
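The idea in the last paragraph of the answer above, proving access to a protected secret instead of asserting "I am root", shown as an added example that is not part of the original answer. It swaps in a shared-secret HMAC challenge-response from the Python standard library in place of public-key signatures; the function names and keys are constructed for illustration, and storing the key where only root can read it is an assumption.

```python
import hashlib
import hmac
import secrets
import socket

NONCE_LEN = 32
MAC_LEN = hashlib.sha256().digest_size  # 32 bytes

def recv_exact(sock, n):
    """Read exactly n bytes, or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during handshake")
        buf += chunk
    return buf

def server_challenge(sock):
    """Server: send a fresh random nonce so an old response cannot be replayed."""
    nonce = secrets.token_bytes(NONCE_LEN)
    sock.sendall(nonce)
    return nonce

def client_respond(sock, key):
    """Client: prove possession of the key by returning HMAC-SHA256(key, nonce)."""
    nonce = recv_exact(sock, NONCE_LEN)
    sock.sendall(hmac.new(key, nonce, hashlib.sha256).digest())

def server_check(sock, key, nonce):
    """Server: recompute the MAC and compare in constant time."""
    expected = hmac.new(key, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, recv_exact(sock, MAC_LEN))

def handshake(server_key, client_key):
    """Run one exchange over a local socket pair; return the server's verdict."""
    srv, cli = socket.socketpair()
    with srv, cli:
        nonce = server_challenge(srv)
        client_respond(cli, client_key)
        return server_check(srv, server_key, nonce)

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed key; assumed readable only by root
    print("client holding the key:", handshake(key, key))
    print("client without the key:", handshake(key, secrets.token_bytes(32)))
```

The server's decision rests on a value it can verify, not on what the client reports about itself; the guarantee is only as strong as the protection of the key.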
The client should bind to a port below 1024 before connecting. This port range is reserved for root.