1

Is there a wrapper that will prevent an executable from listening on a port? Alternately, is there a wrapper that would remap the port, so that the executable thinks it's listening on 80, but is actually listening on 8080

My dream commandline would be:

server:~ # remapper -f 80 -t 8080 /usr/bin/some_binary
eventi
  • 231
  • 1
  • 4
  • 2
    What are you're trying to solve? – Benoit Jan 20 '11 at 12:57
  • I need to allow users to upload a script, and I'll have no control over the port they decide to listen on - I'd like to remap it to a port I specify, then use nginx to route from http://user.site.com:80 to the port I assign to the script – eventi Jan 20 '11 at 15:10

2 Answers2

1

Creating a Mandatory Access Controller policy in SELinux, AppArmor (or, I believe, Solaris Trusted Extensions) is the only real way to ensure that applications aren't allowed to bind to ports that aren't explicitly specified in the policy. If you want to map one port to another port for incoming connections, that's done at the system firewall/packet filter level -- iptables on Linux, ipf in Solaris, etc.

Benoit's question stands, though, and what you're trying to do may be overkill.

jgoldschrafe
  • 4,395
  • 18
  • 18
  • Thanks - I looked at doing it a few other ways, but check what I replied to benoit - I think remapping will better than simply blocking because I want to minimize the restrictions to what the user can do. – eventi Jan 20 '11 at 15:12
  • Also - programs like trickle can catch the libc calls from a dynamically linked binary, so it seems that it's possible with a few givens (dynamic linking, etc...) I'm just trying to see if such a thing already exists. – eventi Jan 20 '11 at 15:15
0

You run run a webserver on port 80 that is able to execute only certain script types. Then you could allow users to upload to the webserver an execute their script via the webbrowser, thereby forcing it to be accessed only through http. Just a thought.

For example, execute this from cgi-bin :

#!/bin/bash
# get today's date
OUTPUT="$(date)"
# You must add following two lines before
# outputting data to the web browser from shell
# script
 echo "Content-type: text/html"
 echo ""
 echo "<html><head><title>Demo</title></head><body>"
 echo "Today is $OUTPUT <br>"
 echo "Current directory is $(pwd) <br>"
 echo "Shell Script name is $0"
 echo "</body></html>"
djangofan
  • 4,182
  • 10
  • 46
  • 59