On Fri, Nov 15, 2002 at 04:00:37PM -0800, Arun Sharma wrote:
>
> One of the Intel server platforms has a magic port number (623) that
> it uses for remote server management. However, neither the kernel nor
> glibc are aware of this special port.
>
> As a result, when someone requests a privileged port using
> bindresvport(3), they may get this port back and bad things happen.
The problem is that you want bindresvport() to fail and your bind() to
succeed, but bindresvport() calls bind(), so there's no way to distinguish
them.
But if you're willing to modify a bit your app and the kernel, at least there
would be a method. You could find a way to mark some ports "RESERVED", so that
bind() fails on them unless the socket has been set to SO_REUSEPORT. It's
unlikely that a caller of bindresvport() would set this flag on its socket.
But when you know you want this port for your app, you could explicitly set it.
This concept could be extended to reserve unprivileged ports. Eg, we could
mark 1521, 3128, ... reserved, so that only proper apps could bind on them,
and more importantly, connect() wouldn't use them.
Cheers,
Willy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Nov 23 2002 - 22:00:16 EST