#acupoftea - mail.ontime-ae.com

System	:	Linux server1.ontime-gulf.com 4.18.0-553.5.1.el8_10.x86_64 #1 SMP Wed Jun 5 09:12:13 EDT 2024 x86_64
Software	:	Apache
Server	:	162.0.230.206
Domains	:	40 Domain
Permission	:	[ drwxr-xr-x ]
	:	/ usr / share / doc / socat /

216.73.216.49

Home

File SECURITY

Tips for using socat in secured environments:

* Configure socat to only enable the required features, e.g. to protect your
	filesystem from any accesses through socat: 
	make distclean
	./configure --disable-file --disable-creat --disable-gopen \
		 --disable-pipe	--disable-unix --disable-exec --disable-system
	use "socat -V" to see what features are still enabled; see 
	./configure --help  for more options to disable

* Do NOT install socat SUID root or so when you have untrusted users or
unprivileged daemons on your machine, because the full install of socat can
override arbitrary files and execute arbitrary programs!

* Set logging to "-d -d" (in special cases even higher)

* With files, protect against symlink attacks with nofollow (Linux), and
avoid accessing files in world-writable directories like /tmp

* When listening, use bind option (except UNIX domain sockets)

* When listening, use range option (currently only for IP4 sockets)

* When using socat with system, exec, or in a shell script, know what you do

* With system and exec, use absolute pathes or set the path option

* When starting programs with socat, consider using the chroot option (this
requires root, so use the substuser option too).

* Start socat as root only if required; if so, use substuser option
Note: starting a SUID program after applying substuser or setuid gives the
process the SUID owner, which might give root privileges again.

* Socat, like netcat, is what intruders like to have on their victims machine:
once they have gained a toehold they try to establish a versatile connection 
back to their attack base, and they want to attack other systems. For both
purposes, socat could be helpful. Therefore, it might be useful to install
socat with owner/permissions root:socatgrp/750, and to make all trusted users
members of group socatgrp.

Name	Type	Size	Permission	Last Modified	Actions
.	DIR	-	drwxr-xr-x	2025-07-16 10:59:07
..	DIR	-	drwxr-xr-x	2025-10-09 10:58:24
BUGREPORTS	text/plain	746 B	-rw-r--r--	2016-07-21 09:28:19
CHANGES	text/plain	67.56 KB	-rw-r--r--	2025-07-15 09:33:17
COPYING	text/plain	17.67 KB	-rw-r--r--	2017-01-06 07:28:42
COPYING.OpenSSL	text/plain	6.13 KB	-rw-r--r--	2016-07-21 09:28:19
DEVELOPMENT	text/x-c	8.99 KB	-rw-r--r--	2021-01-03 06:23:22
EXAMPLES	text/html	17.01 KB	-rw-r--r--	2021-01-03 06:23:22
FAQ	text/plain	3.75 KB	-rw-r--r--	2019-04-04 08:59:55
PORTING	text/plain	3.02 KB	-rw-r--r--	2016-07-21 09:28:19
README	text/x-c	11.47 KB	-rw-r--r--	2021-01-03 06:23:22
SECURITY	text/plain	1.81 KB	-rw-r--r--	2016-07-21 09:28:19
daemon.sh	text/x-shellscript	903 B	-rw-r--r--	2025-07-15 09:33:29
ftp.sh	text/x-shellscript	4.12 KB	-rw-r--r--	2025-07-15 09:33:29
gatherinfo.sh	text/x-shellscript	4.03 KB	-rw-r--r--	2025-07-15 09:33:29
mail.sh	text/x-shellscript	2.02 KB	-rw-r--r--	2025-07-15 09:33:29
proxy.sh	text/x-shellscript	1.99 KB	-rw-r--r--	2025-07-15 09:33:29
proxyecho.sh	text/x-shellscript	1.2 KB	-rw-r--r--	2025-07-15 09:33:29
readline-test.sh	text/x-shellscript	1.26 KB	-rw-r--r--	2025-07-15 09:33:29
readline.sh	text/x-shellscript	764 B	-rw-r--r--	2025-07-15 09:33:29
socat_buildscript_for_android.sh	text/x-shellscript	3.5 KB	-rw-r--r--	2025-07-15 09:33:29
socks4a-echo.sh	text/x-shellscript	2.52 KB	-rw-r--r--	2025-07-15 09:33:29
socks4echo.sh	text/x-shellscript	2.31 KB	-rw-r--r--	2025-07-15 09:33:29
test.sh	text/x-shellscript	456.32 KB	-rw-r--r--	2025-07-15 09:33:29

~ ACUPOFTEA - mail.ontime-ae.com