Closed HarshaVardhanJ closed 4 years ago
Good suggestion. I haven't really thought about making the DNS port customizable.
Have you checked a setting to allow any program to listen on port <1024 with:

```
setcap 'cap_net_bind_service=+ep' /path/to/program
```

https://unix.stackexchange.com/questions/10735/allowing-a-user-to-let-listen-to-a-port-below-1024
Thanks for taking the time to consider my suggestions. I have now implemented the workaround that you had suggested. The image works as intended. The `pwndrop` process is now able to bind to privileged ports while running as a non-root user. Thanks! You can take a look at the image I've pushed to my repository on Docker Hub. I've added the image with the tag `nonroot`.
Similar to how there are directives in the `pwndrop.ini` file for changing the HTTP and HTTPS ports, it would be nice if there was such an option for changing the DNS port.

Apart from offering more flexibility, there is another advantage to this. I'm trying to build a Docker image in which the processes (mainly `pwndrop`) are run as an unprivileged user (for security purposes).

Since the port on which the DNS server listens is hard-coded to a privileged port (`53`), there is no possibility to change it without changing the value in the `/core/nameserver.go` file as shown below:

Since a process started by a non-root user cannot be bound to a privileged port (<1024), it would be convenient if the ability to change the port on which the DNS server listens would be provided. Thanks!
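
A check for the `setcap` workaround discussed in this thread, added here as an example and not taken from pwndrop or from either commenter: it reads a `/proc/<pid>/status` file and reports whether the process runs as non-root with exactly CAP_NET_BIND_SERVICE in its effective capability set. The function names and the sample status content are constructed for illustration.

```shell
#!/bin/sh
# Added example (not pwndrop code): audit a process's effective capabilities.
CAP_NET_BIND_SERVICE=10   # bit number defined in <linux/capability.h>

# classify_capeff HEXMASK -> none | bind-only | bind-plus-others | others-only
classify_capeff() {
    mask=$((0x$1))
    bind=$((1 << CAP_NET_BIND_SERVICE))
    if [ "$mask" -eq 0 ]; then
        echo none
    elif [ "$mask" -eq "$bind" ]; then
        echo bind-only
    elif [ $((mask & bind)) -ne 0 ]; then
        echo bind-plus-others
    else
        echo others-only
    fi
}

# status_field FILE KEY COLUMN -> value of that column on the "KEY:" line
status_field() {
    awk -v key="$2:" -v col="$3" '$1 == key { print $col }' "$1"
}

# audit_status FILE -> prints a summary; succeeds only for a non-root
# process whose effective set is exactly CAP_NET_BIND_SERVICE.
audit_status() {
    euid=$(status_field "$1" Uid 3)       # columns: real, effective, saved, fs
    capeff=$(status_field "$1" CapEff 2)
    verdict=$(classify_capeff "$capeff")
    echo "euid=$euid CapEff=$capeff verdict=$verdict"
    [ "$euid" -ne 0 ] && [ "$verdict" = bind-only ]
}

# Constructed sample: a non-root process started from a binary that has
# cap_net_bind_service=+ep. For a live process, pass /proc/<pid>/status.
sample=$(mktemp)
printf 'Name:\tsample\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000400\n' > "$sample"
if audit_status "$sample"; then
    echo "OK: non-root with only CAP_NET_BIND_SERVICE"
else
    echo "REVIEW: root or unexpected capabilities"
fi
rm -f "$sample"
```

`getcap /path/to/program` shows the file capability that `setcap` applied to the binary itself.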