Bug 88331 - dante listens on random port if privileged port is set and sameport option on
Status: CLOSED WONTFIX
Product: Red Hat Powertools
Classification: Retired
Component: dante
7.1
All Linux
medium Severity low
Assigned To: Tim Powers
Reported: 2003-04-08 20:36 EDT by Silvio Macedo
Modified: 2008-05-01 11:38 EDT (History)
Last Closed: 2003-04-10 13:22:20 EDT
Attachments
A patch that replaces wrong use of bindresvport by normal bind. (1.21 KB, patch)
2003-04-08 20:39 EDT, Silvio Macedo
Description Silvio Macedo 2003-04-08 20:36:18 EDT
Description of problem:
When dante 1.1.13 SOCKS server is configured to run on a privileged port
(<1024, rather than default 1080) by means of "internal: xxx port = NNN",
AND "sameport" compatibility option is set, sockd will instead start on a
random port, chosen by glibc itself, because bindresvport is used
(between STARTPORT=600 and netinet/in.h:IPPORT_RESERVED=1024 - 1).

This is wrong. Under BSD, bindresvport will attempt to bind specified
port, but under GNU libc, it doesn't. It's purely random (based on PID)
and between the ports above. I don't know if this should be corrected to
match BSD or not in glibc. (Hence the cc:'s in this email).

In any case, dante must not do this and the call to bindresvport should be
replaced by a normal bind. I don't think this will create any problems in
BSD either.


Version-Release number of selected component (if applicable):

1.1.13

How reproducible:

always

Steps to Reproduce:
1. In /etc/sockd.conf set:
   internal: eth0 port = 993
   compatibility: sameport
2. Run "sockd -d".
3. Check the output to see that it is listening on some other port,
   or run socklist | grep sockd
    
Actual results:

binds to a random port between 600 and 1023

Expected results:

to bind to the specified privileged port.

Additional info:
It's due to use of bindresvport in sockd_socked.c, which behaves differently
in BSD and Libc.
Comment 1 Silvio Macedo 2003-04-08 20:39:32 EDT
Created attachment 91022 [details]
A patch that replaces wrong use of bindresvport by normal bind.

While bindresvport() in BSD will use the suggested port
in the argument to the call, in GNU libc, it won't.
Hence, if "sameport" and a port < 1024 is chosen, dante
will end up listening on a random port. In this patch,
the call to bindresvport is replaced, _minimizing_
changes, with a call to normal bind.
Comment 2 Tim Powers 2003-04-10 13:22:20 EDT
The Powertools product was end of life'ed in (IIRC) December. For more
information on the currently supported products please visit:

http://www.redhat.com/apps/support/errata/
