This is the mail archive of the libc-alpha@sourceware.cygnus.com mailing list for the glibc project.



Re: [han.holl@pobox.com] libc/1172: rresvport should avoid well known ports


On Fri, Jun 25, Han Holl wrote:

> Andreas Jaeger wrote:
> > 
> > >>>>> Thorsten Kukuk writes:
> > 
> > Thorsten> On Fri, Jun 25, Andreas Jaeger wrote:
> > 
> > >> Check RFC1700, the ports are reserved until 1023 - and there're some
> > >> well known programs in the range like kerberos,syslog,talk.
> > 
> > Thorsten> Stupid. 512-1023 are used on all Unix for dynamically
> > Thorsten> assigned privileged ports.  If IANA uses them all for fixed
> > Thorsten> programs, what should we do with RPC ?  This means, it is
> > Thorsten> impossible to set up a "secure" NIS server or to make
> > Thorsten> "secure" queries, means queries from a port less than 1023.
> > 
> > I agree.  That's the problem - so what can we do?  I wouldn't call
> > myself a network expert and therefore count on your opinions.
> > 
> 
> Thorsten,
> 
> Is there anything very wrong with my earlier suggestion to use
> getservbyport() ?
> 
> A system administrator could decide to edit in/out the ports (s)he
> wants reserved for well known daemons/ free for dynamic assignment.
> 
> Am I missing something here ?

Yes. For example, as a system vendor like Sun or as a Linux distributor you
should add all reserved numbers to /etc/services. What happens if
nearly all numbers are assigned in this range? The system couldn't
boot, you couldn't make queries from a reserved port, ...
Your system is unusable.

Before I make a final solution for this, I will look at how other
systems have solved the problem.

  Thorsten

-- 
Thorsten Kukuk      http://www.suse.de/~kukuk/        kukuk@suse.de
SuSE GmbH           Schanzaeckerstr. 10             90443 Nuernberg
Linux is like a Vorlon.  It is incredibly powerful, gives terse,
cryptic answers and has a lot of things going on in the background.
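
The selection logic debated in this message, as an added example that is not part of the original mail or of glibc's code: a downward scan of ports 1023 to 512 that skips anything getservbyport() reports, and returns EAGAIN once every port in the range is listed. The names pick_reserved_port, listed_in_services and listed_in_table are hypothetical, the table in main() is constructed sample data, and the sketch only chooses a port number without binding a socket.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netdb.h>
#include <stdio.h>

#define RESV_LOW  512   /* bottom of the dynamically assigned privileged range */
#define RESV_HIGH 1023  /* top of the reserved range */

/* Nonzero if the port must be left alone for a well-known service. */
typedef int (*port_taken_fn)(int port, void *ctx);

/* The check suggested in the thread: a port is off-limits if the
   services database (/etc/services) names it for TCP. */
static int listed_in_services(int port, void *ctx)
{
    (void)ctx;
    return getservbyport(htons((unsigned short)port), "tcp") != NULL;
}

/* Constructed stand-in for /etc/services: ctx[port] != 0 means "listed". */
static int listed_in_table(int port, void *ctx)
{
    return ((const unsigned char *)ctx)[port];
}

/* Walk downward from *start, wrapping at RESV_LOW, and return the first port
   the predicate does not claim. *start is left at the next candidate.
   Returns -1 with errno = EAGAIN when the whole range is claimed. */
static int pick_reserved_port(int *start, port_taken_fn taken, void *ctx)
{
    if (*start < RESV_LOW || *start > RESV_HIGH) *start = RESV_HIGH;
    for (int tried = 0; tried <= RESV_HIGH - RESV_LOW; tried++) {
        int port = *start;
        *start = (port == RESV_LOW) ? RESV_HIGH : port - 1;
        if (!taken(port, ctx))
            return port;
    }
    errno = EAGAIN;
    return -1;
}

int main(void)
{
    static unsigned char table[RESV_HIGH + 1]; /* constructed sample data */
    int start = RESV_HIGH;
    table[1023] = table[1022] = 1;
    printf("sparse table: %d\n", pick_reserved_port(&start, listed_in_table, table));
    for (int p = RESV_LOW; p <= RESV_HIGH; p++) table[p] = 1;
    printf("full table: %d\n", pick_reserved_port(&start, listed_in_table, table));
    printf("this host: %d\n", pick_reserved_port(&start, listed_in_services, NULL));
    return 0;
}
```

The "full table" case is the failure mode raised in the reply: once every number in the range appears in the services database, each caller that needs a reserved port gets an error instead of a socket.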
