On Fri, Sep 23, 2005 at 10:20:21AM -0300, Henrique de Moraes Holschuh wrote:
> On Fri, 23 Sep 2005, Gernot Salzer wrote:
> >   - Modify portmap/bindresvport such that certain blacklisted
> >     ports are skipped even if they are not yet in use when a
> >     new privileged port is requested.
>
> Since the braindamaged one here is portmap, that's probably best.  Modify it
> to never use anything that has an entry in /etc/services.  If we have too
> much crap on /etc/services, clean that up a bit.

No, portmap is not the one braindamaged as it does _not_ assign ports, it only
registers them. Take a look at the FAM code:

src/Listener.c++
(...)
    if (bindresvport(sock, &addr) < 0)
    {
        Log::perror("can't bind to reserved port");
        exit(1);
    }
(...)
    (void) pmap_unset(program, version);
    if (!pmap_set(program, version, IPPROTO_TCP, ntohs(addr.sin_port)))
    {
        Log::error("can't register with portmapper.");
        exit(1);
    }

The same is true for other RPC servers. It's the libc that restricts the port
numbers (look at glibc-2.3.5/sunrpc/bindrsvprt.c, currently, it seems it's
port = (PID % 424) + 600). And, as I've said, the libc maintainer is not
going to add a blacklist there for stuff in /etc/services. Please reread the
references I gave in my previous e-mail.

Regards

Javier
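
Added example (not part of the original message, and not glibc or FAM code): a small C model of the port choice discussed in this thread, using the formula port = (PID % 424) + 600 quoted above, with and without the proposed /etc/services blacklist. The names pick_port, service_on and contains are hypothetical, the services table and the PID are constructed sample data, and the forward scan with wrap-around past busy ports is an assumption of the model.

```c
#include <stddef.h>
#include <stdio.h>
#define STARTPORT 600
#define ENDPORT   1023                      /* IPPORT_RESERVED - 1 */
#define NPORTS    (ENDPORT - STARTPORT + 1) /* 424, as in the formula above */

/* Constructed sample: a few /etc/services entries inside 600..1023. */
static const struct { int port; const char *name; } services[] = {
    {631, "ipp"}, {636, "ldaps"}, {873, "rsync"}, {993, "imaps"}, {995, "pop3s"},
};

/* Service name registered for this port, or NULL if there is none. */
static const char *service_on(int port)
{
    for (size_t i = 0; i < sizeof services / sizeof services[0]; i++)
        if (services[i].port == port)
            return services[i].name;
    return NULL;
}

static int contains(const int *set, size_t n, int port)
{
    for (size_t i = 0; i < n; i++)
        if (set[i] == port)
            return 1;
    return 0;
}

/* Start at (pid % 424) + 600 and step forward, wrapping at 1023, past ports
 * already in use (assumed scan).  If skip_services is set, also step past
 * ports with a services entry (the proposed blacklist).  -1 if none is free. */
static int pick_port(long pid, const int *in_use, size_t n, int skip_services)
{
    int port = (int)(pid % NPORTS) + STARTPORT;
    for (int i = 0; i < NPORTS; i++) {
        if (!contains(in_use, n, port) && !(skip_services && service_on(port)))
            return port;
        if (++port > ENDPORT)
            port = STARTPORT;
    }
    return -1;
}

int main(void)
{
    long pid = 4271; /* constructed PID: 4271 % 424 == 31, so the start is 631 */
    printf("plain: %d  with blacklist: %d\n",
           pick_port(pid, NULL, 0, 0), pick_port(pid, NULL, 0, 1));
}
```

In this model the plain selection hands an RPC server port 631 before the service listed for it has started, while the blacklist variant moves on to 632.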