Control: tags -1 moreinfo unreproducible
I wrote:
> Can you give me a complete repro case ?
> (Is the port you are asking for actually 80 or something else ?)
I think you have perhaps missed this part in the manual:
PORTS 512-1023
Authorising binding to ports from 512 to 1023 inclusive is
not recom? mended. Some protocols (including some versions
of NFS) authorise clients by seeing that they are using a
port number in this range. So by authorising a program to be
a server for such a port, you are also authorising it to
impersonate the whole host for those protocols.
To make sure that this isn't done by accident, if the port
number requested is in the range 512-1023, authbind will
expect the permission files to have an additional ! at the
start of their leafname.
?
--
Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
