On Fri, Aug 19, 2011 at 10:49:41AM +0200, Guus Sliepen wrote:
> On Fri, Aug 19, 2011 at 10:13:17AM +1000, Russell Coker wrote:
> > Systems running SE Linux tend not to have this problem. In most cases the
> > daemons which use RPC services are not permitted to bind to any of the ports
> > that are reserved for services and therefore such a bind attempt fails with
> > EPERM, glibc will just decrement the port number and try again when this
> > happens.
>
> We could also patch bindresvport() to skip all ports mentioned in
> /etc/services, to get similar behaviour as with SE Linux. Or patch the programs
> using it to first try to bind to a static port that does not conflict with
> those in /etc/services, and if that fails fall back to bindresvport().

Or use a whitelist rather than pretending that /etc/services was complete anywhere within the last 20 years. Not to mention bindresvport() removes the freedom of the sysadmin to bind services to whatever ports she wishes. Or, say, run multiple instances of a service.

-- 
1KB // Yo momma uses IPv4!
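
The whitelist approach suggested in the reply above, as an added example that is not part of the original message or of glibc: a hypothetical helper `bind_from_whitelist()` tries each administrator-chosen port in order and moves on when a port is in use or denied, instead of scanning the reserved range as bindresvport() does. The port numbers and the loopback address are constructed sample values, chosen above 1024 so the code runs without privileges.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not a glibc API). Tries each whitelisted port in order
 * on the loopback address. Returns the bound port, or -1 with errno set. */
int bind_from_whitelist(int fd, const uint16_t *ports, size_t n)
{
    struct sockaddr_in sa;
    int last_err = EADDRNOTAVAIL;          /* reported when the list is empty */
    for (size_t i = 0; i < n; i++) {
        memset(&sa, 0, sizeof sa);
        sa.sin_family = AF_INET;
        sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
        sa.sin_port = htons(ports[i]);
        if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0)
            return ports[i];
        last_err = errno;
        /* Port in use, or denied by policy or missing privilege: try the next. */
        if (errno != EADDRINUSE && errno != EACCES && errno != EPERM)
            break;                         /* any other error is fatal */
    }
    errno = last_err;
    return -1;
}

/* Port actually assigned to a bound socket, or -1 on error. */
int local_port(int fd)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    return getsockname(fd, (struct sockaddr *)&sa, &len) == 0 ? ntohs(sa.sin_port) : -1;
}

int main(void)
{
    const uint16_t allowed[] = { 40961, 40962, 40963 }; /* constructed sample */
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    int port = bind_from_whitelist(fd, allowed, 3);
    printf("bound to %d\n", port);
    close(fd);
    return port < 0;
}
```

Because the list is explicit, two instances of the same service can be given disjoint whitelists, and an exhausted list fails loudly instead of landing on a port another service expects.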