socat/SECURITY


Tips for using socat in secured environments:

* Configure socat to only enable the required features, e.g. to protect your
	filesystem from any accesses through socat: 
	make distclean
	./configure --disable-file --disable-creat --disable-gopen \
		 --disable-pipe	--disable-unix --disable-exec --disable-system
	use "socat -V" to see what features are still enabled; see 
	./configure --help  for more options to disable

* Do NOT install socat SUID root or so when you have untrusted users or
unprivileged daemons on your machine, because the full install of socat can
override arbitrary files and execute arbitrary programs!

* Set logging to "-d -d" (in special cases even higher)

* With files, protect against symlink attacks with nofollow (Linux), and
avoid accessing files in world-writable directories like /tmp

* When listening, use bind option (except UNIX domain sockets)

* When listening, use range option (currently only for IP4 sockets)

* When using socat with system, exec, or in a shell script, know what you do

* With system and exec, use absolute pathes or set the path option

* When starting programs with socat, consider using the chroot option (this
requires root, so use the substuser option too).

* Start socat as root only if required; if so, use substuser option
Note: starting a SUID program after applying substuser or setuid gives the
process the SUID owner, which might give root privileges again.

* Socat, like netcat, is what intruders like to have on their victims machine:
once they have gained a toehold they try to establish a versatile connection 
back to their attack base, and they want to attack other systems. For both
purposes, socat could be helpful. Therefore, it might be useful to install
socat with owner/permissions root:socatgrp/750, and to make all trusted users
members of group socatgrp.
socat V1.6.0.0 (initial GIT commit) 2008-01-27 07:00:08 -05:00
			`Tips for using socat in secured environments:`

			`* Configure socat to only enable the required features, e.g. to protect your`
			`filesystem from any accesses through socat:`
			`make distclean`
			`./configure --disable-file --disable-creat --disable-gopen \`
			`--disable-pipe --disable-unix --disable-exec --disable-system`
			`use "socat -V" to see what features are still enabled; see`
			`./configure --help for more options to disable`

			`* Do NOT install socat SUID root or so when you have untrusted users or`
			`unprivileged daemons on your machine, because the full install of socat can`
			`override arbitrary files and execute arbitrary programs!`

			`* Set logging to "-d -d" (in special cases even higher)`

			`* With files, protect against symlink attacks with nofollow (Linux), and`
			`avoid accessing files in world-writable directories like /tmp`

			`* When listening, use bind option (except UNIX domain sockets)`

			`* When listening, use range option (currently only for IP4 sockets)`

			`* When using socat with system, exec, or in a shell script, know what you do`

			`* With system and exec, use absolute pathes or set the path option`

			`* When starting programs with socat, consider using the chroot option (this`
			`requires root, so use the substuser option too).`

			`* Start socat as root only if required; if so, use substuser option`
			`Note: starting a SUID program after applying substuser or setuid gives the`
			`process the SUID owner, which might give root privileges again.`

			`* Socat, like netcat, is what intruders like to have on their victims machine:`
			`once they have gained a toehold they try to establish a versatile connection`
			`back to their attack base, and they want to attack other systems. For both`
			`purposes, socat could be helpful. Therefore, it might be useful to install`
			`socat with owner/permissions root:socatgrp/750, and to make all trusted users`
			`members of group socatgrp.`