Description of problem:
When dante 1.1.13 SOCKS server is configured to run on a privileged port
(<1024, rather than default 1080) by means of "internal: xxx port = NNN",
AND "sameport" compatibility option is set, sockd will instead start on a
random port, chosen by glibc itself, because bindresvport is used
(between STARTPORT=600 and netinet/in.h:IPPORT_RESERVED=1024 -1).
This is wrong. Under BSD, bindresvport will attempt to bind specified
port, but under GNU libc, it doesn't. It's purely random (based on PID)
and between the ports above. I don't know if this should be corrected to
match BSD or not in glibc. (Hence the cc:'s in this email).
In any case, dante must not do this and the call to bindresvport should be
replaced by a normal bind. I don't think this will create any problems in
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. In /etc/sockd.conf set:
internal: eth0 port = 993
2. run "sockd -d"
3. check the output to see that it is listening on some other port.
Or run socklist | grep sockd
binds to a random port between 600 and 1023
to bind to the specified privileged port.
It's due to use of bindresvport in sockd_socked.c, which behaves differently
in BSD and Libc
Created attachment 91022 [details]
A patch that replaces wrong use of bindresvport by normal bind.
While bindresvport() in BSD will use the suggested port
in the argument to the call, in GNU libc, it won't.
Hence, if "sameport" and a port < 1024 is chosen, dante
will end up listening on a random port. In this patch,
the call to bindresvport is replaced, _minimizing_
changes, with a call to normal bind.
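An added illustration of the behaviour the patch aims for; it is not the attached patch and not dante's code. The helper names `bind_exact_port` and `demo_exact_bind` are hypothetical: the socket is bound with plain bind(), and getsockname() then confirms the listener really is on the configured port, failing closed if it is not.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: bind fd to exactly `port` on `ip` with plain
 * bind(), then ask the kernel which port was really assigned.
 * Returns the bound port, or -1 on failure or port mismatch. */
int bind_exact_port(int fd, const char *ip, uint16_t port)
{
    struct sockaddr_in want, got;
    socklen_t len = sizeof(got);

    memset(&want, 0, sizeof(want));
    want.sin_family = AF_INET;
    want.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &want.sin_addr) != 1)
        return -1;
    /* bind() honours sin_port; ports < 1024 need root or CAP_NET_BIND_SERVICE. */
    if (bind(fd, (struct sockaddr *)&want, sizeof(want)) != 0)
        return -1;
    if (getsockname(fd, (struct sockaddr *)&got, &len) != 0)
        return -1;
    /* Fail closed: a listener on an unexpected port is a config error. */
    if (port != 0 && ntohs(got.sin_port) != port)
        return -1;
    return ntohs(got.sin_port);
}

/* Constructed self-check: find a free port by binding port 0, release it,
 * then require a second socket to land on exactly that port. */
int demo_exact_bind(void)
{
    int probe = socket(AF_INET, SOCK_STREAM, 0);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    int ok = 0, free_port;

    if (probe >= 0 && fd >= 0) {
        free_port = bind_exact_port(probe, "0.0.0.0", 0);
        close(probe);
        probe = -1;
        ok = free_port > 0 &&
             bind_exact_port(fd, "0.0.0.0", (uint16_t)free_port) == free_port;
    }
    if (probe >= 0) close(probe);
    if (fd >= 0) close(fd);
    return ok;
}

int main(void) { return demo_exact_bind() ? 0 : 1; }
```
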
The Powertools product was end of life'ed in (IIRC) December. For more
information on the currently supported products please visit: