| |
| Tips for using socat in secured environments: |
| |
| * Configure socat to only enable the required features, e.g. to protect your |
| filesystem from any accesses through socat: |
| make distclean |
| ./configure --disable-file --disable-creat --disable-gopen \ |
| --disable-pipe --disable-unix --disable-exec --disable-system |
| use "socat -V" to see what features are still enabled; see |
| ./configure --help for more options to disable |
| |
| * Do NOT install socat SUID root or so when you have untrusted users or |
| unprivileged daemons on your machine, because the full install of socat can |
| override arbitrary files and execute arbitrary programs! |
| |
| * Set logging to "-d -d" (in special cases even higher) |
| |
| * With files, protect against symlink attacks with nofollow (Linux), and |
| avoid accessing files in world-writable directories like /tmp |
| |
| * When listening, use bind option (except UNIX domain sockets) |
| |
| * When listening, use range option (currently only for IP4 sockets) |
| |
| * When using socat with system, exec, or in a shell script, know what you do |
| |
| * With system and exec, use absolute pathes or set the path option |
| |
| * When starting programs with socat, consider using the chroot option (this |
| requires root, so use the substuser option too). |
| |
| * Start socat as root only if required; if so, use substuser option |
| Note: starting a SUID program after applying substuser or setuid gives the |
| process the SUID owner, which might give root privileges again. |
| |
| * Socat, like netcat, is what intruders like to have on their victims machine: |
| once they have gained a toehold they try to establish a versatile connection |
| back to their attack base, and they want to attack other systems. For both |
| purposes, socat could be helpful. Therefore, it might be useful to install |
| socat with owner/permissions root:socatgrp/750, and to make all trusted users |
| members of group socatgrp. |
