Description of problem:
When dante 1.1.13 SOCKS server is configured to run on a privileged port (<1024, rather than the default 1080) by means of "internal: xxx port = NNN", AND the "sameport" compatibility option is set, sockd will instead start on a random port, chosen by glibc itself, because bindresvport is used (between STARTPORT=600 and netinet/in.h:IPPORT_RESERVED=1024 -1). This is wrong. Under BSD, bindresvport will attempt to bind the specified port, but under GNU libc, it doesn't. It's purely random (based on PID) and between the ports above. I don't know if this should be corrected to match BSD or not in glibc. (Hence the cc:'s in this email.) In any case, dante must not do this, and the call to bindresvport should be replaced by a normal bind. I don't think this will create any problems in BSD either.

Version-Release number of selected component (if applicable):
1.1.13

How reproducible:
always

Steps to Reproduce:
1. In /etc/sockd.conf set:
   internal: eth0 port = 993
   compatibility: sameport
2. Run "sockd -d"
3. Check the output to see that it is listening on some other port. Or run: socklist | grep sockd

Actual results:
binds to a random port between 600 and 1023

Expected results:
to bind to the specified privileged port.

Additional info:
It's due to the use of bindresvport in sockd_socked.c, which behaves differently in BSD and libc.
Created attachment 91022
A patch that replaces the wrong use of bindresvport by a normal bind.

While bindresvport() in BSD will use the suggested port in the argument to the call, in GNU libc, it won't. Hence, if "sameport" and a port < 1024 is chosen, dante will end up listening on a random port. In this patch, the call to bindresvport is replaced, _minimizing_ changes, with a call to normal bind.
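The approach the patch comment describes (a plain bind() on the configured port), written as an added example that is not dante's code and not the attached patch; the helper names bind_exact_port and bound_port are hypothetical. It also reads the port back with getsockname() so that a listener which lands on any port other than the configured one is rejected instead of being left running.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Return the local port the socket is bound to, or -1 on error. */
int bound_port(int fd)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);

    if (getsockname(fd, (struct sockaddr *)&sa, &len) != 0)
        return -1;
    return ntohs(sa.sin_port);
}

/*
 * Hypothetical helper: bind a TCP socket to exactly ip:port using plain
 * bind() (not bindresvport()), then confirm the kernel's view of the
 * socket. Returns the fd, or -1 if the bind failed or the socket ended
 * up on a different port. Port 0 ("kernel picks") is therefore rejected.
 * Binding a port below 1024 still needs the usual privilege.
 */
int bind_exact_port(const char *ip, unsigned short port)
{
    struct sockaddr_in sa;
    int fd, on = 1;

    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1)
        return -1;

    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));

    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) != 0 ||
        bound_port(fd) != port) {      /* fail closed on any mismatch */
        close(fd);
        return -1;
    }
    return fd;
}
```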
The Powertools product was end of life'ed in (IIRC) December. For more information on the currently supported products please visit: http://www.redhat.com/apps/support/errata/