- Subject: libc/1172: rresvport should avoid well known ports
- From: han.holl@pobox.com
- Date: Fri Jun 25 18:55:23 1999
Topics:
libc/1172: rresvport should avoid well known ports (from /etc/services)
----------------------------------------------------------------------
Date: Sun, 20 Jun 1999 14:57:56 -0400
From: han.holl@pobox.com
To: bugs@gnu.org
Subject: libc/1172: rresvport should avoid well known ports (from /etc/services)
Message-Id: <199906201857.OAA24203@delysid.gnu.org>
>Number: 1172
>Category: libc
>Synopsis: rresvport should avoid well known ports (from /etc/services)
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: libc-gnats
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Sun Jun 20 15:00:01 EDT 1999
>Last-Modified:
>Originator: han.holl@pobox.com
>Organization:
net
>Release: 2.0.7
>Environment:
>Description:
If you start (for instance) rpc.mountd, it obtains, more or less at random,
a port between 600 and 1024.
This makes it hazardous to start a server at a well known address between
600 and 1024, like rsyncd and several kerberos servers, because rresvport
_could_ already have doled out these well known ports.
The fix is easy: let rresvport() check with getservbyport() whether the port
is in /etc/services, and avoid these ports.
(Having to start rsyncd _before_ rpc.mountd is an error-prone kludge).
Regards,
Han Holl
>How-To-Repeat:
Just read the source of rresvport(). It uses the PID modulo #PORTS, so
repeating isn't too easy.
>Fix:
>Audit-Trail:
>Unformatted:
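
The check proposed in the report, sketched as an added example (not glibc code and not part of the original message): a candidate reserved port is chosen from a PID-derived starting point, and any port the services database lists is skipped. The names pick_unregistered_port, in_services_db, sample_known and all_known are hypothetical, the 600..1023 range follows the report's description, and the port numbers in sample_known are constructed sample data.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <unistd.h>

#define START_PORT 600   /* lower bound quoted in the report */
#define END_PORT   1023  /* last privileged port */
#define NPORTS     (END_PORT - START_PORT + 1)

/* Returns 1 if the services database (/etc/services) lists this port. */
int in_services_db(int port)
{
    /* getservbyport() expects the port in network byte order. */
    return getservbyport(htons((unsigned short)port), "tcp") != NULL ||
           getservbyport(htons((unsigned short)port), "udp") != NULL;
}

/*
 * Hypothetical helper: walk the range once, starting at seed % NPORTS
 * (the report says the PID is used this way), and return the first port
 * for which is_known() is zero. Returns -1 if every port is registered.
 */
int pick_unregistered_port(unsigned seed, int (*is_known)(int))
{
    for (int i = 0; i < NPORTS; i++) {
        int port = START_PORT + (int)((seed + (unsigned)i) % NPORTS);
        if (!is_known(port))
            return port;
    }
    return -1;
}

/* Constructed stand-in for /etc/services: two sample registered ports. */
int sample_known(int port) { return port == 873 || port == 749; }

/* Constructed worst case: every port in the range is registered. */
int all_known(int port) { (void)port; return 1; }

int main(void)
{
    int port = pick_unregistered_port((unsigned)getpid(), in_services_db);
    printf("candidate reserved port: %d\n", port);
    return port < 0;
}
```

A caller would still bind() the returned port and, on EADDRINUSE, call the helper again with the seed advanced past that port.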