Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup

To: debian-devel@lists.debian.org
Cc: 638322@bugs.debian.org
Subject: Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
From: Adam Borowski <kilobyte@angband.pl>
Date: Fri, 19 Aug 2011 19:53:46 +0200
Message-id: <[🔎] 20110819175346.GA26848@angband.pl>
In-reply-to: <[🔎] 201108200002.12738.russell@coker.com.au>
References: <20110818153916.19457.37751.reportbug@adenauer.informatik.rwth-aachen.de> <[🔎] 20110819084941.GT30145@sliepen.org> <[🔎] 20110819094712.GA24757@angband.pl> <[🔎] 201108200002.12738.russell@coker.com.au>

On Sat, Aug 20, 2011 at 12:02:12AM +1000, Russell Coker wrote:
> On Fri, 19 Aug 2011, Adam Borowski <kilobyte@angband.pl> wrote:
> > Not to mention bindresvport() removes the freedom of the sysadmin to bind
> > services to whatever ports she wishes.  Or, say, run multiple instances of
> > a service.
> 
> If you make your program use bindresvport() then it means that you don't care 
> what the port number is as long as it's in the reserved range.

Except that it should not get into ports used by something else.

> It seems to me that the only problem is if you run multiple instances of a 
> daemon on different ports and don't use /etc/bindresvport.blacklist, SE Linux, 
> or some other method of telling bindresvport() to leave your port alone.  That 
> wouldn't be an issue of sysadmin freedom but sysadmin ignorance (and I am one 
> of the people who was ignorant of bindresvport.blacklist).

You can't blame "sysadmin ignorance".  I've just grepped through every
single man page in Debian (ok, amd64 main), and there is not a single
reference to /etc/bindresvport.blacklist.  In fact, even bindresvport() is
referenced only from its own manpage and from portreserve which is another
hack to work around this bug.  portreserve is neither recommended/suggested,
nor has any data that would allow it to work.

No other daemon I know has this problem.  If I install daemon foo, I can
expect it to not touch any ports it hasn't been configured to use.  It's
just portmap/SunRPC that uses random scatter-shot that can trample on
something else.

So what about this: let's reserve a number of ports for portmap's exclusive
usage[1].  There's like 900 unused assignments, so there's plenty of space
than could be parcelled off.  SunRPC has long since degenerated from
something with a general purpose to a peculiarity of NFS, so not many ports
are needed.  Only under a pathological configuration one could exceed any
reasonable static limit, and in that case bindresvport() would revert to the
blacklist+scattershot.

[1]. Unless the sysadmin knowingly takes them for some other purpose; no
different from, say, having sshd listen on port 443.

-- 
1KB		// Yo momma uses IPv4!

Reply to:

Follow-Ups:
- Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
  - From: Russell Coker <russell@coker.com.au>

References:
- Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
  - From: Guus Sliepen <guus@debian.org>
- Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
  - From: Adam Borowski <kilobyte@angband.pl>
- Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: Re: mplayer2 is a very poor fork name used to confuse users.
Next by Date: Re: /usr/share/doc/ files and gzip/xz/no compression
Previous by thread: Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
Next by thread: Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
Index(es):
- Date
- Thread