
Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup



On Fri, Aug 19, 2011 at 10:49:41AM +0200, Guus Sliepen wrote:
> On Fri, Aug 19, 2011 at 10:13:17AM +1000, Russell Coker wrote:
> > Systems running SE Linux tend not to have this problem.  In most cases the
> > daemons which use RPC services are not permitted to bind to any of the ports
> > that are reserved for services and therefore such a bind attempt fails with
> > EPERM; glibc will just decrement the port number and try again when this
> > happens.
> 
> We could also patch bindresvport() to skip all ports mentioned in
> /etc/services, to get similar behaviour as with SE Linux. Or patch the programs
> using it to first try to bind to a static port that does not conflict with
> those in /etc/services, and if that fails fall back to bindresvport().

Or use a whitelist rather than pretending that /etc/services was complete
anywhere within the last 20 years.

Not to mention bindresvport() removes the freedom of the sysadmin to bind
services to whatever ports she wishes.  Or, say, run multiple instances of a
service.

-- 
1KB		// Yo momma uses IPv4!
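As an added example (not code from the bug thread, nfs-common or glibc), the exclusion-list idea from the quoted reply: parse /etc/services-style lines for UDP ports below 1024, then walk downward from a starting port until one is unassigned, so a daemon would never land on 631/udp while CUPS is still starting. The downward scan and the 512 lower bound are assumed simplifications, the service lines are constructed, and no socket is bound.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_RESERVED 1023    /* bindresvport() only hands out ports below 1024 */
#define LOWEST_CANDIDATE 512 /* assumed lower bound for the downward scan */

static unsigned char listed_udp[MAX_RESERVED + 1]; /* nonzero: p/udp is in /etc/services */

/* Parse one /etc/services line: "name port/proto [aliases] [# comment]".
 * Returns the port for a UDP service below 1024, otherwise -1. */
int parse_services_line(const char *line) {
    char buf[256], name[64], spec[64], *slash, *end;
    snprintf(buf, sizeof buf, "%s", line);
    if ((slash = strchr(buf, '#')) != NULL) *slash = '\0';        /* strip comment */
    if (sscanf(buf, "%63s %63s", name, spec) != 2) return -1;     /* blank or comment line */
    if (!(slash = strchr(spec, '/')) || strcmp(slash + 1, "udp") != 0) return -1; /* tcp-only */
    *slash = '\0';
    long port = strtol(spec, &end, 10);
    if (*end != '\0' || port <= 0 || port > MAX_RESERVED) return -1;
    return (int)port;
}

/* Record every listed UDP port; returns how many distinct ports were recorded. */
int load_services(const char *const *lines, size_t n) {
    int count = 0;
    memset(listed_udp, 0, sizeof listed_udp);
    for (size_t i = 0; i < n; i++) {
        int p = parse_services_line(lines[i]);
        if (p > 0 && !listed_udp[p]) { listed_udp[p] = 1; count++; }
    }
    return count;
}

int udp_port_is_listed(int p) { return p > 0 && p <= MAX_RESERVED && listed_udp[p]; }

/* Walk downward from `start` and return the first reserved port that is not
 * assigned in /etc/services; -1 if every candidate down to 512 is taken. */
int pick_reserved_udp_port(int start) {
    for (int p = start; p >= LOWEST_CANDIDATE; p--)
        if (!udp_port_is_listed(p)) return p;
    return -1;
}

/* Constructed sample of /etc/services content (not read from a real system). */
const char *const sample_services[] = {
    "# Network services, Internet style (constructed sample)",
    "ipp\t\t631/tcp\t\t\t# Internet Printing Protocol",
    "ipp\t\t631/udp",
    "rsync\t\t873/udp",
    "imaps\t\t993/tcp",
};
const size_t sample_services_n = sizeof sample_services / sizeof *sample_services;
```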

