rpcbind: add option to fix port number

Submitted by Li Wang on Aug. 12, 2014, 7:20 a.m. | Patch ID: 77957

Details

Message ID 1407828058-9939-1-git-send-email-li.wang@windriver.com
State New

Commit Message

Li Wang Aug. 12, 2014, 7:20 a.m.
Fix the random port to a chosen value, offering the customer an option to select it.

Signed-off-by: Li Wang <li.wang@windriver.com>
---
 .../rpcbind_add_option_to_fix_port_number.patch    |   82 ++++++++++++++++++++
 meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb     |    1 +
 2 files changed, 83 insertions(+)
 create mode 100644 meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch


diff --git a/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch b/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch
new file mode 100644
index 0000000..112b713
--- /dev/null
+++ b/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch
@@ -0,0 +1,82 @@ 
+Upstream-Status: Pending
+
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index f6bd6bd..a2ef152 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -48,6 +48,7 @@
+ #include <rpc/rpc.h>
+ #include <rpc/rpcb_prot.h>
+ #include <rpc/svc_dg.h>
++#include <rpc/rpc_com.h>
+ #include <netconfig.h>
+ #include <errno.h>
+ #include <syslog.h>
+@@ -496,6 +497,7 @@ xdr_opaque_parms(XDR *xdrs, struct r_rmtcall_args *cap)
+ 
+ static struct rmtcallfd_list *rmthead;
+ static struct rmtcallfd_list *rmttail;
++extern unsigned short random_port;
+ 
+ int
+ create_rmtcall_fd(struct netconfig *nconf)
+@@ -503,6 +505,8 @@ create_rmtcall_fd(struct netconfig *nconf)
+ 	int fd;
+ 	struct rmtcallfd_list *rmt;
+ 	SVCXPRT *xprt;
++	struct __rpc_sockinfo si;
++	struct t_bind taddr;
+ 
+ 	if ((fd = __rpc_nconf2fd(nconf)) == -1) {
+ 		if (debugging)
+@@ -511,6 +515,19 @@ create_rmtcall_fd(struct netconfig *nconf)
+ 			nconf->nc_device, errno);
+ 		return (-1);
+ 	}
++
++	if (random_port) {
++		__rpc_fd2sockinfo(fd, &si);
++		memset(&taddr, 0, sizeof(taddr));
++		taddr.addr.maxlen = taddr.addr.len = si.si_alen;
++		taddr.addr.buf = malloc(si.si_alen);
++		if (taddr.addr.buf == NULL) {
++			return -1;
++		}
++		*(unsigned short *)(&(taddr.addr.buf[0])) = si.si_af;
++		*(unsigned short *)(&(taddr.addr.buf[2])) = htons(random_port);
++		xprt = svc_tli_create(fd, nconf, &taddr, RPC_MAXDATASIZE, RPC_MAXDATASIZE);
++	} else
+ 	xprt = svc_tli_create(fd, 0, (struct t_bind *) 0, 0, 0);
+ 	if (xprt == NULL) {
+ 		if (debugging)
+diff --git a/src/rpcbind.c b/src/rpcbind.c
+index 83dbe93..e82cf45 100644
+--- a/src/rpcbind.c
++++ b/src/rpcbind.c
+@@ -99,6 +99,7 @@ int runasdaemon = 0;
+ int insecure = 0;
+ int oldstyle_local = 0;
+ int verboselog = 0;
++unsigned short random_port = 0;
+ 
+ char **hosts = NULL;
+ int nhosts = 0;
+@@ -748,7 +749,7 @@ parseargs(int argc, char *argv[])
+ {
+ 	int c;
+ 	oldstyle_local = 1;
+-	while ((c = getopt(argc, argv, "adh:ilswf")) != -1) {
++	while ((c = getopt(argc, argv, "adh:p:ilswf")) != -1) {
+ 		switch (c) {
+ 		case 'a':
+ 			doabort = 1;	/* when debugging, do an abort on */
+@@ -766,6 +767,9 @@ parseargs(int argc, char *argv[])
+ 			if (hosts[nhosts - 1] == NULL)
+ 				errx(1, "Out of memory");
+ 			break;
++		case 'p':
++			random_port = atoi(optarg);
++			break;
+ 		case 'i':
+ 			insecure = 1;
+ 			break;
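Review bot: The new early return in create_rmtcall_fd on malloc failure leaks the descriptor just obtained from `__rpc_nconf2fd`, and nothing in the added branch ever frees `taddr.addr.buf` (it is still live after the `svc_tli_create` call on either the success or failure path, so at minimum it should be released when `xprt == NULL`); the malloc-failure line should read `if (taddr.addr.buf == NULL) { close(fd); return -1; }`. The result of `__rpc_fd2sockinfo(fd, &si)` is also unchecked, so on failure `si.si_alen` and `si.si_af` are read uninitialized and fed into the bind address — test it the way the surrounding libtirpc code does and bail out with the same cleanup. In rpcbind.c, `random_port = atoi(optarg)` accepts any text: a value above 65535 is silently truncated to a different port, a non-numeric or zero value silently disables the option, and a value below 1024 is a privileged port the caller may not have intended; parse with `strtoul` plus an `endptr`/`ERANGE` check, reject anything outside 1..65535 with `errx(1, ...)` like the neighbouring `-h` handling does, and consider renaming the global since it now holds the fixed, not random, port. The `create_rmtcall_fd` body continues past the end of this hunk, so the `xprt == NULL` cleanup it already performs is not visible here.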
diff --git a/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb b/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
index 89e567b..65351d0 100644
--- a/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
+++ b/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
@@ -12,6 +12,7 @@  LIC_FILES_CHKSUM = "file://COPYING;md5=b46486e4c4a416602693a711bb5bfa39 \
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/rpcbind/rpcbind-${PV}.tar.bz2 \
            file://0001-rpcbind-rpcuser-not-being-set-in-Makefile.am.patch \
+           file://rpcbind_add_option_to_fix_port_number.patch \
            file://init.d \
            ${UCLIBCPATCHES} \
            file://rpcbind.conf \

Comments

Li Wang Aug. 12, 2014, 8:10 a.m.
Hi,

I will add the following header to the new patch:
=====
rpcbind: add option to fix port number

fix a random port to offer customer an option for select.

Signed-off-by: Li Wang <li.wang@windriver.com>
=====

Thanks,
LiWang.

On 08/12/2014 03:20 PM, Li Wang wrote:
> fix a random port to offer customer an option for select.
>
> Signed-off-by: Li Wang <li.wang@windriver.com>
> ---
>   .../rpcbind_add_option_to_fix_port_number.patch    |   82 ++++++++++++++++++++
>   meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb     |    1 +
>   2 files changed, 83 insertions(+)
>   create mode 100644 meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch
>
> diff --git a/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch b/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch
> new file mode 100644
> index 0000000..112b713
> --- /dev/null
> +++ b/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch
> @@ -0,0 +1,82 @@
> +Upstream-Status: Pending
> +
> +diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
> +index f6bd6bd..a2ef152 100644
> +--- a/src/rpcb_svc_com.c
> ++++ b/src/rpcb_svc_com.c
> +@@ -48,6 +48,7 @@
> + #include <rpc/rpc.h>
> + #include <rpc/rpcb_prot.h>
> + #include <rpc/svc_dg.h>
> ++#include <rpc/rpc_com.h>
> + #include <netconfig.h>
> + #include <errno.h>
> + #include <syslog.h>
> +@@ -496,6 +497,7 @@ xdr_opaque_parms(XDR *xdrs, struct r_rmtcall_args *cap)
> +
> + static struct rmtcallfd_list *rmthead;
> + static struct rmtcallfd_list *rmttail;
> ++extern unsigned short random_port;
> +
> + int
> + create_rmtcall_fd(struct netconfig *nconf)
> +@@ -503,6 +505,8 @@ create_rmtcall_fd(struct netconfig *nconf)
> + 	int fd;
> + 	struct rmtcallfd_list *rmt;
> + 	SVCXPRT *xprt;
> ++	struct __rpc_sockinfo si;
> ++	struct t_bind taddr;
> +
> + 	if ((fd = __rpc_nconf2fd(nconf)) == -1) {
> + 		if (debugging)
> +@@ -511,6 +515,19 @@ create_rmtcall_fd(struct netconfig *nconf)
> + 			nconf->nc_device, errno);
> + 		return (-1);
> + 	}
> ++
> ++	if (random_port) {
> ++		__rpc_fd2sockinfo(fd, &si);
> ++		memset(&taddr, 0, sizeof(taddr));
> ++		taddr.addr.maxlen = taddr.addr.len = si.si_alen;
> ++		taddr.addr.buf = malloc(si.si_alen);
> ++		if (taddr.addr.buf == NULL) {
> ++			return -1;
> ++		}
> ++		*(unsigned short *)(&(taddr.addr.buf[0])) = si.si_af;
> ++		*(unsigned short *)(&(taddr.addr.buf[2])) = htons(random_port);
> ++		xprt = svc_tli_create(fd, nconf, &taddr, RPC_MAXDATASIZE, RPC_MAXDATASIZE);
> ++	} else
> + 	xprt = svc_tli_create(fd, 0, (struct t_bind *) 0, 0, 0);
> + 	if (xprt == NULL) {
> + 		if (debugging)
> +diff --git a/src/rpcbind.c b/src/rpcbind.c
> +index 83dbe93..e82cf45 100644
> +--- a/src/rpcbind.c
> ++++ b/src/rpcbind.c
> +@@ -99,6 +99,7 @@ int runasdaemon = 0;
> + int insecure = 0;
> + int oldstyle_local = 0;
> + int verboselog = 0;
> ++unsigned short random_port = 0;
> +
> + char **hosts = NULL;
> + int nhosts = 0;
> +@@ -748,7 +749,7 @@ parseargs(int argc, char *argv[])
> + {
> + 	int c;
> + 	oldstyle_local = 1;
> +-	while ((c = getopt(argc, argv, "adh:ilswf")) != -1) {
> ++	while ((c = getopt(argc, argv, "adh:p:ilswf")) != -1) {
> + 		switch (c) {
> + 		case 'a':
> + 			doabort = 1;	/* when debugging, do an abort on */
> +@@ -766,6 +767,9 @@ parseargs(int argc, char *argv[])
> + 			if (hosts[nhosts - 1] == NULL)
> + 				errx(1, "Out of memory");
> + 			break;
> ++		case 'p':
> ++			random_port = atoi(optarg);
> ++			break;
> + 		case 'i':
> + 			insecure = 1;
> + 			break;
> diff --git a/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb b/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
> index 89e567b..65351d0 100644
> --- a/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
> +++ b/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
> @@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b46486e4c4a416602693a711bb5bfa39 \
>   
>   SRC_URI = "${SOURCEFORGE_MIRROR}/rpcbind/rpcbind-${PV}.tar.bz2 \
>              file://0001-rpcbind-rpcuser-not-being-set-in-Makefile.am.patch \
> +           file://rpcbind_add_option_to_fix_port_number.patch \
>              file://init.d \
>              ${UCLIBCPATCHES} \
>              file://rpcbind.conf \
Ross Burton Aug. 12, 2014, 8:41 a.m.
On 12 August 2014 08:20, Li Wang <li.wang@windriver.com> wrote:
> fix a random port to offer customer an option for select.

I'm curious as to why this is needed.

Ross
Li Wang Aug. 12, 2014, 8:44 a.m.
Hi,

this is a description from customer:
=====
customer's description of the problem:
"
It would seem rcpbind opens a random port.
     Clearly not the most simple thing to protect with an ipfilter.
     Opening random ports in privileged port range, among them one port 
that
     identifies itself as pop3s, is not a good practice. Both Ericsson 
and our
     customers run regular vulnerability assessment tools against our 
product,
     and this will clearly be seen as a potential problem. Furthermore, 
we will
     not be able to filter the ports, since they are random, and neither 
will we
     be able to provide decent answers to our customers. To summarize: this
     should be taken care of, ie fix rpcbind so that it uses a non 
random port
     and/or to bind to a specific interface.
=====

Thanks,
LiWang.

On 08/12/2014 04:41 PM, Burton, Ross wrote:
> On 12 August 2014 08:20, Li Wang <li.wang@windriver.com> wrote:
>> fix a random port to offer customer an option for select.
> I'm curious as to why this is needed.
>
> Ross
Ross Burton Aug. 12, 2014, 8:48 a.m.
On 12 August 2014 08:20, Li Wang <li.wang@windriver.com> wrote:
> ++      } else
> +       xprt = svc_tli_create(fd, 0, (struct t_bind *) 0, 0, 0);

*Please* don't do that, match bracket style instead.

Ross
Ross Burton Sept. 5, 2014, 3:24 p.m.
On 12 August 2014 09:44, Li.Wang <Li.Wang@windriver.com> wrote:
>     Opening random ports in privileged port range, among them one port that
>     identifies itself as pop3s, is not a good practice. Both Ericsson and
> our
>     customers run regular vulnerability assessment tools against our
> product,
>     and this will clearly be seen as a potential problem. Furthermore, we
> will
>     not be able to filter the ports, since they are random, and neither will
> we
>     be able to provide decent answers to our customers. To summarize: this
>     should be taken care of, ie fix rpcbind so that it uses a non random
> port
>     and/or to bind to a specific interface.

This has been bothering me so I just did some digging.  rpcbind
opening random ports is rather "misguided" but it appears that passing
-s to rpcbind will cause it to drop its privs and setuid down to
"daemon", with the side-effect that it can't open the privileged ports
anymore.

(source: http://wiki.metawerx.net/wiki/setrpcrandomport)

Ross
Li Wang Sept. 9, 2014, 8:33 a.m.
On 09/05/2014 11:24 PM, Burton, Ross wrote:
> On 12 August 2014 09:44, Li.Wang <Li.Wang@windriver.com> wrote:
>>      Opening random ports in privileged port range, among them one port that
>>      identifies itself as pop3s, is not a good practice. Both Ericsson and
>> our
>>      customers run regular vulnerability assessment tools against our
>> product,
>>      and this will clearly be seen as a potential problem. Furthermore, we
>> will
>>      not be able to filter the ports, since they are random, and neither will
>> we
>>      be able to provide decent answers to our customers. To summarize: this
>>      should be taken care of, ie fix rpcbind so that it uses a non random
>> port
>>      and/or to bind to a specific interface.
> This has been bothering me so I just did some digging.  rpcbind
> opening random ports is rather "misguided" but it appears that passing
> -s to rpcbind will cause it to drop it's privs and setuid down to
> "daemon", with the side-effect that it can't open the privileged ports
> anymore.
>
> (source: http://wiki.metawerx.net/wiki/setrpcrandomport)
That approach uses a dynamic library, whereas I use a command-line option that
inserts code into rpcbind.
I think our ideas are the same, but the implementations are different.

indeed, rpcbind has two random ports:
one can be fixed by configure file.
the patch is to point at the other one.

Thanks,
LiWang.
>
> Ross