** Description changed:
+ [impact]
+
+ rpcbind binds to a 'random' reserved port at startup, which can conflict
+ with the reserved port number for other applications that actually 'own'
+ the reserved port number. One example is cups, which uses the reserved
+ port 631.
+
+ This prevents the actual 'owner' of the reserved port from starting,
+ since it can't bind to its reserved port.
+
+ Additionally, this can raise alarms from security monitoring software
+ that does not expect programs to be listening on random reserved ports.
+
+ [test case]
+
+ start rpcbind and check which ports it is listening on, e.g.:
+
+ $ sudo netstat --inet -p -l | grep rpcbind | grep -v sunrpc
+ udp 0 0 0.0.0.0:614 0.0.0.0:*
4678/rpcbind
+
+ each time rpcbind is restarted, it will be listening to a different
+ 'random' port.
+
+ [regression potential]
+
+ this adds a method to disable rpcbind from listening to the 'random'
+ port. any regression would likely prevent rpcbind from starting, or may
+ cause problems with the interaction between rpcinfo and rpcbind, as
+ rpcinfo may use the random reserved port in some cases, as detailed in
+ the Debian bug.
+
+ [scope]
+
+ This is needed only for Bionic and earlier.
+
+ In Focal and later, and in Debian, rpcbind defaults to not opening the
+ random reserved port. The admin can use the -r parameter to cause
+ rpcbind to restore the old behavior of opening the random reserved port.
+
+ [other info]
+
+ Note that the -r parameter is a Debian addition, and the upstream
+ rpcbind has disabled the random port functionality at build time; there
+ is no runtime parameter to allow the admin to choose the behavior.
+
+ Also, as discussed in the Debian bug, disabling this rpcbind 'feature'
+ is known to cause problems for the rpcinfo program, which is why Debian
+ introduced the -r parameter. So, when this -r parameter is backported to
+ Bionic and earlier, we must retain the default behavior for those
+ releases, which is for rpcbind to open the random reserved port.
+
+ TBD: specific method to disable rmtcalls in backport
+
+
+ [original description]
+
+ As this backports that functionality, it
+
Binary package hint: cups
cups 1.3.9-2ubuntu4
From /var/log/cups/error_log:
cups: unable to bind socket for address 127.0.0.1:631 - Address already in
use.
Nothing actually looks wrong. 127.0.0.1:631 is only in use by cupsd when
started.
** Changed in: rpcbind (Ubuntu Bionic)
Assignee: (unassigned) => Dan Streetman (ddstreet)
** Changed in: rpcbind (Ubuntu Xenial)
Assignee: (unassigned) => Dan Streetman (ddstreet)
** Changed in: rpcbind (Ubuntu Bionic)
Importance: Undecided => Medium
** Changed in: rpcbind (Ubuntu Xenial)
Importance: Undecided => Medium
** Changed in: rpcbind (Ubuntu Bionic)
Status: New => In Progress
** Changed in: rpcbind (Ubuntu Xenial)
Status: New => In Progress
** Changed in: rpcbind (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/304393
Title:
rpcbind grabs ports used by other daemons such as cupsd
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/304393/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs