Welcome, Guest! Log In | Create Account

Privbind is a small tool allowing secure running of unprivileged programs, but allowing them to bind to privileged (<1024) TCP/UDP ports. Privbind has a secure design, with no SUID executables and no daemons.

Download Now! privbind-1.1.tar.gz (319.5 KB) OR View all files

http://privbind.wiki.sourceforge.net/





Separate each tag with a space.

Release Date:

2007-06-16

Topics:

Security, Systems Administration

License:

GNU General Public License (GPL)

Ratings and Reviews

Be the first to post a text review of privbind. Rate and review a project by clicking thumbs up or thumbs down in the right column.

Project Feed

  • privbind 1.1 file released: privbind-1.1.tar.gz

    2007-06-16 Shachar Shemesh <thesun@users.sourceforge.net> * [r72] configure.ac: Update version information to 1.1 2007-06-13 Shachar Shemesh <thesun@users.sourceforge.net> * [r71] NEWS: Update the NEWS file to announce the release. * [r70] README, privbind.1: Update the docs regarding bugs that have been resolved * [r69] libprivbind.c: Fix bug on fcntl returning EINTR. 2007-06-12 Shachar Shemesh <thesun@users.sourceforge.net> * [r67] ChangeLog, authors: Update the changelog * [r66] configure.ac: Update version number to 1.0 * [r65] privbind.1: Document the "-l" flag in the man page 2007-06-08 Shachar Shemesh <thesun@users.sourceforge.net> * [r64] Makefile.am, configure.ac, main.c, test.c: Add multi process and multi thread tests to "test" Add a configure option "--enable-testing", for internal tests in privbind Add optional delay after each bind inside privbind (only if --enable-testing was used) 2007-06-06 Shachar Shemesh <thesun@users.sourceforge.net> * [r63] libprivbind.c: Implement mutex - not tested 2007-06-06 Amos Shapira <amosshapira@users.sourceforge.net> * [r62] ipc.h, libprivbind.c, main.c: reverted the changes to use mutex (r59) and to send number of calls left (r60) after Shachar mentioned the problem of the application forking and calling bind(2) from both processes * [r61] privbind.1: replace "root process" by "helper process". this is the tail of such changes I committed in previous checkin. * [r60] ipc.h, libprivbind.c, main.c: the helper process sends the number of calls left together with its reply, so the privbind library can cleanly avoid sending more requests * [r59] libprivbind.c: use a mutex to synchronize access to the socket with the helper process 2007-06-05 Shachar Shemesh <thesun@users.sourceforge.net> * [r58] privbind.1: Better wording of the last bug in the manual Reinstate a "How it works" section which gives a short description of what privbind does, and direct the user to the README for more details. * [r57] Makefile.am: Syntactic cleanup of Makefile.am Install the README file during "make install" 2007-06-05 Amos Shapira <amosshapira@users.sourceforge.net> * [r56] privbind.1: (hopefully) improved style, redeability and length of manual page * [r55] privbind.1: typo 2007-06-05 Nadav Har'el <nyh@users.sourceforge.net> * [r54] privbind.1: spelling 2007-06-05 Shachar Shemesh <thesun@users.sourceforge.net> * [r53] bootstrap: Reorder the operations in bootstrap so that they actually bootstrap * [r51] privbind.1: Update the "security considerations" section of the man page * [r50] ChangeLog, Makefile.am, configure.ac, libprivbind.c: Prevent the program from closing our communication socket Cleanup in auto-generation of "paths.h" * [r49] ChangeLog, README, privbind.1: Documentation improvements. Moved the "how it works" section from the man page to the README 2007-06-02 Shachar Shemesh <thesun@users.sourceforge.net> * [r48] ChangeLog, libprivbind.c: Cleanups of libprivbind. Improve the semantic behaviour. * [r47] Makefile.am: Make sure that "make test" can be used with different privbind and testbind parameters * [r46] Makefile.am, configure.ac, main.c: Add "test" target that tests privbind in place. Added "test-su" and "test-sudo" to automatically elevate to root for the test * [r45] Makefile.am, test.c: Make the test file more flexible. * [r44] ChangeLog, main.c, test.c: Switch the order of the processes. Parent now runs the command, child handles the binds * [r43] main.c: Code cleanup - split the parent and child code into separate functions * [r42] ChangeLog, Makefile.am, configure.ac, main.c, test.c: Better build of "test" - remove some warnings, add to makefile (and to "make dist"). Moved the preload library from */lib to */lib/privbind to reduce shared directory clutter 2007-06-01 Amos Shapira <amosshapira@users.sourceforge.net> * [r41] main.c: removed old '-d' option passed to getopts without being handled by main() 2007-06-01 Shachar Shemesh <thesun@users.sourceforge.net> * [r39] bootstrap, configure.ac: Cleanup warnings on "bootstrap" rerun disable (by default) creation of static libraries 2007-05-24 Amos Shapira <amosshapira@users.sourceforge.net> * [r38] bootstrap: made bootstrap an executable script * [r37] README: s/low/reserved ports 2007-05-23 Nadav Har'el <nyh@users.sourceforge.net> * [r36] README: Added a README * [r35] main.c: Change usage line a bit 2007-05-22 Amos Shapira <amosshapira@users.sourceforge.net> * [r34] main.c: more fixes to the assumption that gid 0 is illegal. I leave uid==0 alone since I'm not sure it makes sense to use this program and keep uid 0. * [r33] main.c: added missing help() function parameter type fixed test for gid value legality - zero is also a legal value * [r32] main.c: fix typo in fixed message * [r31] main.c: improved help message text for -g default 2007-05-22 Shachar Shemesh <thesun@users.sourceforge.net> * [r30] ChangeLog, Makefile.am, NEWS: Move the NEWS, which looked like a changelog, to ChangeLog Create a stub NEWS Update Makefile.am so that make dist will work 2007-05-22 Nadav Har'el <nyh@users.sourceforge.net> * [r29] NEWS: * [r28] Makefile.am, privbind.1: Add manual page 2007-05-21 Nadav Har'el <nyh@users.sourceforge.net> * [r27] main.c: Fix usage line to show that -g option is actually optional, not mandatory. * [r26] AUTHORS, NEWS, configure.ac, main.c, test.c: Some command line and other changes (see NEWS) * [r25] .: New trunk, a copy of Amos's branch. 2007-02-16 Amos Shapira <amosshapira@users.sourceforge.net> * [r23] branches/amos/main.c, branches/amos/test.c: switch for SOCK_SEQPACKET so the parent is notified when the child closed the connection. * [r22] branches/amos/main.c, branches/amos/test.c: some message cleanup send MSG_REP_NONE on MSG_REQ_NONE exit(2) with the same exit value as the child pay attention to the -n argument TODO: 1. make '-g' non-mandatory - default to the user's default gid from /etc/passwd 2. BUG - when privbind isn't root and the child exits on privilege drop - the parent get blocked on recvmsg. Have to find the right way to signal the parent to exit. (test: "./privbind -u 1000 -g 1000 -n 1 ./test" - from a regular user) 2007-02-15 Amos Shapira <amosshapira@users.sourceforge.net> * [r21] branches/amos/libprivbind.c, branches/amos/main.c, branches/amos/test.c: now passes back the bind result. practically functioning. * [r20] branches/amos, branches/amos/libprivbind.c, branches/amos/main.c, branches/amos/test.c: test.c - added a simple program which binds to TCP port 987 on local loopback interface so we can test the library. libprivbind.c - minor unimportant changes main.c - added main loop which accepts requests from children and execute them. Still to complete returning of bind results in main.c 2006-12-05 Shachar Shemesh <thesun@users.sourceforge.net> * [r19] ipc.h, libprivbind.c: Implement client side 2006-12-02 Shachar Shemesh <thesun@users.sourceforge.net> * [r18] Makefile.am, libprivbind.c: Add debug outputs Make sure "dlsym" links * [r17] configure.ac: Fix typo in library name * [r16] libprivbind.c, stub.h: A template "bind" override * [r15] main.c: Add copyright notice to file * [r14] configure.ac, main.c: Move the library name definition to the configure script * [r13] main.c: Add error message in case exec failed Add a warning in case privbind is run as SUID 2006-12-01 Shachar Shemesh <thesun@users.sourceforge.net> * [r12] Makefile.am, libprivbind.c, main.c: Add the preload library to the makefiles Add the priviledge drop * [r11] ., bootstrap, configure.ac: Add libtool support * [r10] main.c: Actually run child process * [r9] configure.ac, main.c: Code for passing the fd to the child * [r8] Makefile.am: Small cleanups * [r7] main.c: Create a communication socket between the processes * [r6] main.c: Allow non-numeric uids * [r5] ., main.c: Perform argument parsing 2006-11-28 Shachar Shemesh <thesun@users.sourceforge.net> * [r4] main.c: Argument processing * [r3] ., README: Some more structure cleanup * [r2] ., AUTHORS, COPYING, ChangeLog, INSTALL, Makefile.am, NEWS, bootstrap, configure.ac, main.c: Basic project structure * [r1] branches, tags, .: Create repository structure

    posted 876 days ago

  • privbind 1.1 released

    We are proud to announce that privbind version 1.1, released and ready, is now available. Privbind is a small tool allowing secure running of unprivileged programs, but allowing them to bind to privileged (&lt;1024) TCP/UDP ports. Privbind has a secure design, with no SUID executables and no daemons.

    posted by thesun 876 days ago

  • File released: /privbind/1.1/privbind-1.1.tar.gz

    posted 876 days ago

  • Code committed

    thesun committed revision 74 to the privbind SVN repository, changing 1 files

    posted by thesun 876 days ago

  • Code committed

    thesun committed revision 73 to the privbind SVN repository, changing 2 files

    posted by thesun 876 days ago

  • Code committed

    thesun committed revision 72 to the privbind SVN repository, changing 1 files

    posted by thesun 876 days ago

  • Code committed

    thesun committed revision 71 to the privbind SVN repository, changing 1 files

    posted by thesun 879 days ago

  • Code committed

    thesun committed revision 70 to the privbind SVN repository, changing 2 files

    posted by thesun 879 days ago

  • Code committed

    thesun committed revision 69 to the privbind SVN repository, changing 1 files

    posted by thesun 879 days ago

  • privbind 1.0 file released: privbind-1.0.tar.gz

    2007-06-12 Shachar Shemesh <thesun@users.sourceforge.net> * [r66] configure.ac: Update version number to 1.0 * [r65] privbind.1: Document the "-l" flag in the man page 2007-06-08 Shachar Shemesh <thesun@users.sourceforge.net> * [r64] Makefile.am, configure.ac, main.c, test.c: Add multi process and multi thread tests to "test" Add a configure option "--enable-testing", for internal tests in privbind Add optional delay after each bind inside privbind (only if --enable-testing was used) 2007-06-06 Shachar Shemesh <thesun@users.sourceforge.net> * [r63] libprivbind.c: Implement mutex - not tested 2007-06-06 Amos Shapira <amosshapira@users.sourceforge.net> * [r62] ipc.h, libprivbind.c, main.c: reverted the changes to use mutex (r59) and to send number of calls left (r60) after Shachar mentioned the problem of the application forking and calling bind(2) from both processes * [r61] privbind.1: replace "root process" by "helper process". this is the tail of such changes I committed in previous checkin. * [r60] ipc.h, libprivbind.c, main.c: the helper process sends the number of calls left together with its reply, so the privbind library can cleanly avoid sending more requests * [r59] libprivbind.c: use a mutex to synchronize access to the socket with the helper process 2007-06-05 Shachar Shemesh <thesun@users.sourceforge.net> * [r58] privbind.1: Better wording of the last bug in the manual Reinstate a "How it works" section which gives a short description of what privbind does, and direct the user to the README for more details. * [r57] Makefile.am: Syntactic cleanup of Makefile.am Install the README file during "make install" 2007-06-05 Amos Shapira <amosshapira@users.sourceforge.net> * [r56] privbind.1: (hopefully) improved style, redeability and length of manual page * [r55] privbind.1: typo 2007-06-05 Nadav Har'el <nyh@users.sourceforge.net> * [r54] privbind.1: spelling 2007-06-05 Shachar Shemesh <thesun@users.sourceforge.net> * [r53] bootstrap: Reorder the operations in bootstrap so that they actually bootstrap * [r51] privbind.1: Update the "security considerations" section of the man page * [r50] ChangeLog, Makefile.am, configure.ac, libprivbind.c: Prevent the program from closing our communication socket Cleanup in auto-generation of "paths.h" * [r49] ChangeLog, README, privbind.1: Documentation improvements. Moved the "how it works" section from the man page to the README 2007-06-02 Shachar Shemesh <thesun@users.sourceforge.net> * [r48] ChangeLog, libprivbind.c: Cleanups of libprivbind. Improve the semantic behaviour. * [r47] Makefile.am: Make sure that "make test" can be used with different privbind and testbind parameters * [r46] Makefile.am, configure.ac, main.c: Add "test" target that tests privbind in place. Added "test-su" and "test-sudo" to automatically elevate to root for the test * [r45] Makefile.am, test.c: Make the test file more flexible. * [r44] ChangeLog, main.c, test.c: Switch the order of the processes. Parent now runs the command, child handles the binds * [r43] main.c: Code cleanup - split the parent and child code into separate functions * [r42] ChangeLog, Makefile.am, configure.ac, main.c, test.c: Better build of "test" - remove some warnings, add to makefile (and to "make dist"). Moved the preload library from */lib to */lib/privbind to reduce shared directory clutter 2007-06-01 Amos Shapira <amosshapira@users.sourceforge.net> * [r41] main.c: removed old '-d' option passed to getopts without being handled by main() 2007-06-01 Shachar Shemesh <thesun@users.sourceforge.net> * [r39] bootstrap, configure.ac: Cleanup warnings on "bootstrap" rerun disable (by default) creation of static libraries 2007-05-24 Amos Shapira <amosshapira@users.sourceforge.net> * [r38] bootstrap: made bootstrap an executable script * [r37] README: s/low/reserved ports 2007-05-23 Nadav Har'el <nyh@users.sourceforge.net> * [r36] README: Added a README * [r35] main.c: Change usage line a bit 2007-05-22 Amos Shapira <amosshapira@users.sourceforge.net> * [r34] main.c: more fixes to the assumption that gid 0 is illegal. I leave uid==0 alone since I'm not sure it makes sense to use this program and keep uid 0. * [r33] main.c: added missing help() function parameter type fixed test for gid value legality - zero is also a legal value * [r32] main.c: fix typo in fixed message * [r31] main.c: improved help message text for -g default 2007-05-22 Shachar Shemesh <thesun@users.sourceforge.net> * [r30] ChangeLog, Makefile.am, NEWS: Move the NEWS, which looked like a changelog, to ChangeLog Create a stub NEWS Update Makefile.am so that make dist will work 2007-05-22 Nadav Har'el <nyh@users.sourceforge.net> * [r29] NEWS: * [r28] Makefile.am, privbind.1: Add manual page 2007-05-21 Nadav Har'el <nyh@users.sourceforge.net> * [r27] main.c: Fix usage line to show that -g option is actually optional, not mandatory. * [r26] AUTHORS, NEWS, configure.ac, main.c, test.c: Some command line and other changes (see NEWS) * [r25] .: New trunk, a copy of Amos's branch. 2007-02-16 Amos Shapira <amosshapira@users.sourceforge.net> * [r23] branches/amos/main.c, branches/amos/test.c: switch for SOCK_SEQPACKET so the parent is notified when the child closed the connection. * [r22] branches/amos/main.c, branches/amos/test.c: some message cleanup send MSG_REP_NONE on MSG_REQ_NONE exit(2) with the same exit value as the child pay attention to the -n argument TODO: 1. make '-g' non-mandatory - default to the user's default gid from /etc/passwd 2. BUG - when privbind isn't root and the child exits on privilege drop - the parent get blocked on recvmsg. Have to find the right way to signal the parent to exit. (test: "./privbind -u 1000 -g 1000 -n 1 ./test" - from a regular user) 2007-02-15 Amos Shapira <amosshapira@users.sourceforge.net> * [r21] branches/amos/libprivbind.c, branches/amos/main.c, branches/amos/test.c: now passes back the bind result. practically functioning. * [r20] branches/amos, branches/amos/libprivbind.c, branches/amos/main.c, branches/amos/test.c: test.c - added a simple program which binds to TCP port 987 on local loopback interface so we can test the library. libprivbind.c - minor unimportant changes main.c - added main loop which accepts requests from children and execute them. Still to complete returning of bind results in main.c 2006-12-05 Shachar Shemesh <thesun@users.sourceforge.net> * [r19] ipc.h, libprivbind.c: Implement client side 2006-12-02 Shachar Shemesh <thesun@users.sourceforge.net> * [r18] Makefile.am, libprivbind.c: Add debug outputs Make sure "dlsym" links * [r17] configure.ac: Fix typo in library name * [r16] libprivbind.c, stub.h: A template "bind" override * [r15] main.c: Add copyright notice to file * [r14] configure.ac, main.c: Move the library name definition to the configure script * [r13] main.c: Add error message in case exec failed Add a warning in case privbind is run as SUID 2006-12-01 Shachar Shemesh <thesun@users.sourceforge.net> * [r12] Makefile.am, libprivbind.c, main.c: Add the preload library to the makefiles Add the priviledge drop * [r11] ., bootstrap, configure.ac: Add libtool support * [r10] main.c: Actually run child process * [r9] configure.ac, main.c: Code for passing the fd to the child * [r8] Makefile.am: Small cleanups * [r7] main.c: Create a communication socket between the processes * [r6] main.c: Allow non-numeric uids * [r5] ., main.c: Perform argument parsing 2006-11-28 Shachar Shemesh <thesun@users.sourceforge.net> * [r4] main.c: Argument processing * [r3] ., README: Some more structure cleanup * [r2] ., AUTHORS, COPYING, ChangeLog, INSTALL, Makefile.am, NEWS, bootstrap, configure.ac, main.c: Basic project structure * [r1] branches, tags, .: Create repository structure

    posted 881 days ago

Rate and Review

Be the first person to add a text review.

Would you recommend this project?





<

Related Projects

privbind Actions

About SourceForge

Find Software

Develop Software

Community

Help

Copyright © 2009 Geeknet, Inc. All rights reserved. Terms of Use

Thanks for your rating!

Would you also like to write a review?





Skip Review