Advanced Programming in the UNIX® Environment



names are listed in /etc/hosts or registered with whatever name service we are
using, so that we can translate the names to network addresses.
We can run the print command on the same machine where the printer spooling
daemon is running, or we can run it from any machine on the same network. We only
need to configure the printserver field in /etc/printer.conf in the latter case,
because only the daemon needs to know the name of the printer.

Security


Programs that run with superuser privileges have the potential to open a computer
system up to attack. Such programs usually aren’t more vulnerable than any other
program, but when compromised can lead to attackers obtaining full access to your
system.
The printer spooling daemon in this chapter starts out with superuser privileges in
this example to be able to bind a socket to a privileged TCP port number. To make the
daemon less vulnerable to attack, we can
• Design the daemon to conform to the principles of least privilege (Section 8.11).
After we obtain a socket bound to a privileged port address, we can change the
user and group IDs of the daemon to something other than root (lp, for
example). All the files and directories used to store queued print jobs should be
owned by this nonprivileged user. This way, the daemon, if compromised, will
provide the attacker with access only to the printing subsystem. This is still a
concern, but it is far less serious than an attacker getting full access to your
system.
• Audit the daemon’s source code for all known potential vulnerabilities, such as
buffer overruns.
• Log unexpected or suspicious behavior so that an administrator can take note
and investigate further.

21.5 Source Code


The source code for this chapter comprises five files, not including some of the common
library routines we’ve used in earlier chapters:

ipp.h      Header file containing IPP definitions
print.h    Header containing common constants, data structure definitions, and
           utility routine declarations
util.c     Utility routines used by the two programs
print.c    The C source file for the command used to print a file
printd.c   The C source file for the printer spooling daemon

We will study each file in the order listed.