ACIL FM

Nama	Ukuran	Aksi
BUGREPORTS	746 B	View DL Edit
CHANGES	67.79 MB	View DL Edit
COPYING	17.67 MB	View DL Edit
COPYING.OpenSSL	6.13 MB	View DL Edit
daemon.sh	903 B	View DL Edit
DEVELOPMENT	8.99 MB	View DL Edit
EXAMPLES	17.01 MB	View DL Edit
FAQ	3.75 MB	View DL Edit
ftp.sh	4.12 MB	View DL Edit
gatherinfo.sh	4.03 MB	View DL Edit
mail.sh	2.02 MB	View DL Edit
PORTING	3.02 MB	View DL Edit
proxy.sh	1.99 MB	View DL Edit
proxyecho.sh	1.2 MB	View DL Edit
readline-test.sh	1.26 MB	View DL Edit
readline.sh	764 B	View DL Edit
README	11.47 MB	View DL Edit
SECURITY	1.81 MB	View DL Edit
socat_buildscript_for_android.sh	3.5 MB	View DL Edit
socks4a-echo.sh	2.52 MB	View DL Edit
socks4echo.sh	2.31 MB	View DL Edit
test.sh	459.55 MB	View DL Edit

Edit file: /usr/share/doc/socat/SECURITY

Tips for using socat in secured environments:

* Configure socat to only enable the required features, e.g. to protect your
	filesystem from any accesses through socat: 
	make distclean
	./configure --disable-file --disable-creat --disable-gopen \
		 --disable-pipe	--disable-unix --disable-exec --disable-system
	use "socat -V" to see what features are still enabled; see 
	./configure --help  for more options to disable

* Do NOT install socat SUID root or so when you have untrusted users or
unprivileged daemons on your machine, because the full install of socat can
override arbitrary files and execute arbitrary programs!

* Set logging to "-d -d" (in special cases even higher)

* With files, protect against symlink attacks with nofollow (Linux), and
avoid accessing files in world-writable directories like /tmp

* When listening, use bind option (except UNIX domain sockets)

* When listening, use range option (currently only for IP4 sockets)

* When using socat with system, exec, or in a shell script, know what you do

* With system and exec, use absolute pathes or set the path option

* When starting programs with socat, consider using the chroot option (this
requires root, so use the substuser option too).

* Start socat as root only if required; if so, use substuser option
Note: starting a SUID program after applying substuser or setuid gives the
process the SUID owner, which might give root privileges again.

* Socat, like netcat, is what intruders like to have on their victims machine:
once they have gained a toehold they try to establish a versatile connection 
back to their attack base, and they want to attack other systems. For both
purposes, socat could be helpful. Therefore, it might be useful to install
socat with owner/permissions root:socatgrp/750, and to make all trusted users
members of group socatgrp.

Batal