| blob | 0e10075e819fe369666c5942e86b92731150026e |
2 Tips for using socat in secured environments:
4 * Configure socat to only enable the required features, e.g. to protect your
5 filesystem from any accesses through socat:
6 make distclean
7 ./configure --disable-file --disable-creat --disable-gopen \
8 --disable-pipe --disable-unix --disable-exec --disable-system
9 use "socat -V" to see what features are still enabled; see
10 ./configure --help for more options to disable
12 * Do NOT install socat SUID root or so when you have untrusted users or
13 unprivileged daemons on your machine, because the full install of socat can
14 override arbitrary files and execute arbitrary programs!
16 * Set logging to "-d -d" (in special cases even higher)
18 * With files, protect against symlink attacks with nofollow (Linux), and
19 avoid accessing files in world-writable directories like /tmp
21 * When listening, use bind option (except UNIX domain sockets)
23 * When listening, use range option (currently only for IP4 sockets)
25 * When using socat with system, exec, or in a shell script, know what you do
27 * With system and exec, use absolute pathes or set the path option
29 * When starting programs with socat, consider using the chroot option (this
30 requires root, so use the substuser option too).
32 * Start socat as root only if required; if so, use substuser option
33 Note: starting a SUID program after applying substuser or setuid gives the
34 process the SUID owner, which might give root privileges again.
36 * Socat, like netcat, is what intruders like to have on their victims machine:
37 once they have gained a toehold they try to establish a versatile connection
38 back to their attack base, and they want to attack other systems. For both
39 purposes, socat could be helpful. Therefore, it might be useful to install
40 socat with owner/permissions root:socatgrp/750, and to make all trusted users
41 members of group socatgrp.