Re: services(5): add default ftps ports

Thu, 06 May 2021 13:25:59 -0700 

On Wed, May 05, 2021 at 12:18:43PM -0600, Theo de Raadt wrote:
> I would like a further justification for removing these ports from
> the very limited dynamic reserved space used by bindresvport.
> 
> (but not by rresvport, which appears still stomp over them)
> 
> For tcp, 32 of the 512 are locked out.
> For udp, 19.
> 
> What software is actually using these ports?
> 
> Is that software irrelevant these days?

I'm working on a diff to bring ftps with libtls into our ftpd(8).  There
is a "getaddrinfo(NULL, "ftps", &hints, &res0)" call, which uses this
port.  Thus, I made this change.

> Jan Klemkow <j.klem...@wemelug.de> wrote:
> > On Wed, May 05, 2021 at 11:09:12AM +0100, Stuart Henderson wrote:
> > > On 2021/05/04 12:07, Jan Klemkow wrote:
> > > > Add missing ftps defaults ports to servies(5).
> > > > 
> > > > Index: services
> > > > ===================================================================
> > > > RCS file: /cvs/src/etc/services,v
> > > > retrieving revision 1.99
> > > > diff -u -p -r1.99 services
> > > > --- services    18 Feb 2021 02:30:29 -0000      1.99
> > > > +++ services    4 May 2021 10:01:35 -0000
> > > > @@ -318,6 +318,10 @@ krb_prop   754/tcp         hprop           # 
> > > > Kerberos slav
> > > >  krbupdate      760/tcp         kreg            # BSD Kerberos 
> > > > registration
> > > >  supfilesrv     871/tcp                         # SUP server
> > > >  swat           901/tcp                         # Samba Web 
> > > > Administration Tool
> > > > +ftps-data      989/tcp                         # ftp data over TLS/SSL
> > > > +ftps-data      989/udp                         # ftp data over TLS/SSL
> > > > +ftps           990/tcp                         # ftp control over 
> > > > TLS/SSL
> > > > +ftps           990/udp                         # ftp control over 
> > > > TLS/SSL
> > > 
> > > I'm OK with adding the TCP ones (though ftp-over-tls always makes me
> > > want to rant...). It's not going to run on UDP though so I think those
> > > should not be added.
> > 
> > OK?
> > 
> > Index: services
> > ===================================================================
> > RCS file: /cvs/src/etc/services,v
> > retrieving revision 1.99
> > diff -u -p -r1.99 services
> > --- services        18 Feb 2021 02:30:29 -0000      1.99
> > +++ services        5 May 2021 12:24:29 -0000
> > @@ -318,6 +318,8 @@ krb_prop        754/tcp         hprop           # 
> > Kerberos slav
> >  krbupdate  760/tcp         kreg            # BSD Kerberos registration
> >  supfilesrv 871/tcp                         # SUP server
> >  swat               901/tcp                         # Samba Web 
> > Administration Tool
> > +ftps-data  989/tcp                         # ftp data over TLS
> > +ftps               990/tcp                         # ftp control over TLS
> >  supfiledbg 1127/tcp                        # SUP debugging
> >  support            1529/tcp                        # GNATS, cygnus bug 
> > tracker
> >  datametrics        1645/udp
> > 
>

Reply via email to