Message ID | 1407828058-9939-1-git-send-email-li.wang@windriver.com |
---|---|
State | New |
diff --git a/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch b/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch
new file mode 100644
index 0000000..112b713
--- /dev/null
+++ b/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch
@@ -0,0 +1,82 @@
+Upstream-Status: Pending
+
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index f6bd6bd..a2ef152 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -48,6 +48,7 @@
+ #include <rpc/rpc.h>
+ #include <rpc/rpcb_prot.h>
+ #include <rpc/svc_dg.h>
++#include <rpc/rpc_com.h>
+ #include <netconfig.h>
+ #include <errno.h>
+ #include <syslog.h>
+@@ -496,6 +497,7 @@ xdr_opaque_parms(XDR *xdrs, struct r_rmtcall_args *cap)
+ 
+ static struct rmtcallfd_list *rmthead;
+ static struct rmtcallfd_list *rmttail;
++extern unsigned short random_port;
+ 
+ int
+ create_rmtcall_fd(struct netconfig *nconf)
+@@ -503,6 +505,8 @@ create_rmtcall_fd(struct netconfig *nconf)
+ int fd;
+ struct rmtcallfd_list *rmt;
+ SVCXPRT *xprt;
++ struct __rpc_sockinfo si;
++ struct t_bind taddr;
+ 
+ if ((fd = __rpc_nconf2fd(nconf)) == -1) {
+ if (debugging)
+@@ -511,6 +515,19 @@ create_rmtcall_fd(struct netconfig *nconf)
+ nconf->nc_device, errno);
+ return (-1);
+ }
++
++ if (random_port) {
++ __rpc_fd2sockinfo(fd, &si);
++ memset(&taddr, 0, sizeof(taddr));
++ taddr.addr.maxlen = taddr.addr.len = si.si_alen;
++ taddr.addr.buf = malloc(si.si_alen);
++ if (taddr.addr.buf == NULL) {
++ return -1;
++ }
++ *(unsigned short *)(&(taddr.addr.buf[0])) = si.si_af;
++ *(unsigned short *)(&(taddr.addr.buf[2])) = htons(random_port);
++ xprt = svc_tli_create(fd, nconf, &taddr, RPC_MAXDATASIZE, RPC_MAXDATASIZE);
++ } else
+ xprt = svc_tli_create(fd, 0, (struct t_bind *) 0, 0, 0);
+ if (xprt == NULL) {
+ if (debugging)
+diff --git a/src/rpcbind.c b/src/rpcbind.c
+index 83dbe93..e82cf45 100644
+--- a/src/rpcbind.c
++++ b/src/rpcbind.c
+@@ -99,6 +99,7 @@ int runasdaemon = 0;
+ int insecure = 0;
+ int oldstyle_local = 0;
+ int verboselog = 0;
++unsigned short random_port = 0;
+ 
+ char **hosts = NULL;
+ int nhosts = 0;
+@@ -748,7 +749,7 @@ parseargs(int argc, char *argv[])
+ {
+ int c;
+ oldstyle_local = 1;
+- while ((c = getopt(argc, argv, "adh:ilswf")) != -1) {
++ while ((c = getopt(argc, argv, "adh:p:ilswf")) != -1) {
+ switch (c) {
+ case 'a':
+ doabort = 1; /* when debugging, do an abort on */
+@@ -766,6 +767,9 @@ parseargs(int argc, char *argv[])
+ if (hosts[nhosts - 1] == NULL)
+ errx(1, "Out of memory");
+ break;
++ case 'p':
++ random_port = atoi(optarg);
++ break;
+ case 'i':
+ insecure = 1;
+ break;
diff --git a/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb b/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
index 89e567b..65351d0 100644
--- a/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
+++ b/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
@@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b46486e4c4a416602693a711bb5bfa39 \
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/rpcbind/rpcbind-${PV}.tar.bz2 \
 file://0001-rpcbind-rpcuser-not-being-set-in-Makefile.am.patch \
+ file://rpcbind_add_option_to_fix_port_number.patch \
 file://init.d \
 ${UCLIBCPATCHES} \
 file://rpcbind.conf \
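Review bot: The sockaddr built in the `if (random_port)` branch of create_rmtcall_fd is only partly initialised: `taddr.addr.buf = malloc(si.si_alen)` is followed by stores to byte offsets 0 and 2 only, so the address bytes after the port (sin_addr / sin6_addr, assuming the usual sockaddr_in/sockaddr_in6 layout the offsets imply) are whatever the allocator left there, and the preceding `__rpc_fd2sockinfo(fd, &si)` result is ignored, so on failure `si.si_alen` and `si.si_af` are read uninitialised. `calloc(1, si.si_alen)` yields the wildcard address and a checked sockinfo call avoids the garbage length; the sketch below does that and documents the layout dependency. In parseargs, `random_port = atoi(optarg)` stores into an unsigned short without validation, so a non-numeric value silently leaves the option off (0) and a value above 65535 wraps; `strtoul` with a 1..65535 check and `errx` on bad input matches the existing `errx(1, "Out of memory")` style. The name random_port reads as the opposite of what it holds (the port that replaces the random one); a comment at the definition such as `/* 0 = let the kernel pick; otherwise bind the rmtcall sockets to this port */` or a rename to fixed_port would help. Both create_rmtcall_fd and parseargs continue outside the hunk, and the same port is requested for every transport create_rmtcall_fd is called with, so a port already busy for one of them surfaces only through the existing `xprt == NULL` path.
```c
	if (random_port) {
		/* following libtirpc's convention, 0 means the sockinfo lookup failed */
		if (!__rpc_fd2sockinfo(fd, &si))
			return -1;
		memset(&taddr, 0, sizeof(taddr));
		taddr.addr.maxlen = taddr.addr.len = si.si_alen;
		/* zero-filled so the address part is the wildcard, not heap garbage;
		 * family at offset 0 / port at offset 2 assumes sockaddr_in or sockaddr_in6 */
		taddr.addr.buf = calloc(1, si.si_alen);
		if (taddr.addr.buf == NULL)
			return -1;
		/* … unchanged: family/port stores and svc_tli_create(fd, nconf, &taddr, ...) … */
	/* … unchanged: else branch and xprt == NULL handling … */

	/* parseargs() in rpcbind.c */
	case 'p': {
		char *end;
		unsigned long port = strtoul(optarg, &end, 10);
		if (*optarg == '\0' || *end != '\0' || port < 1 || port > 65535)
			errx(1, "invalid port number: %s", optarg);
		random_port = (unsigned short)port;
		break;
	}
```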
Hi, I will add the follow header to the new patch: ===== rpcbind: add option to fix port number fix a random port to offer customer an option for select. Signed-off-by: Li Wang <li.wang@windriver.com> ===== Thanks, LiWang. On 08/12/2014 03:20 PM, Li Wang wrote:
> fix a random port to offer customer an option for select.
>
> Signed-off-by: Li Wang <li.wang@windriver.com>
> ---
> .../rpcbind_add_option_to_fix_port_number.patch | 82 ++++++++++++++++++++
> meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb | 1 +
> 2 files changed, 83 insertions(+)
> create mode 100644 meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch
>
> diff --git a/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch b/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch
> new file mode 100644
> index 0000000..112b713
> --- /dev/null
> +++ b/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch
> @@ -0,0 +1,82 @@
> +Upstream-Status: Pending
> +
> +diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
> +index f6bd6bd..a2ef152 100644
> +--- a/src/rpcb_svc_com.c
> ++++ b/src/rpcb_svc_com.c
> +@@ -48,6 +48,7 @@
> + #include <rpc/rpc.h>
> + #include <rpc/rpcb_prot.h>
> + #include <rpc/svc_dg.h>
> ++#include <rpc/rpc_com.h>
> + #include <netconfig.h>
> + #include <errno.h>
> + #include <syslog.h>
> +@@ -496,6 +497,7 @@ xdr_opaque_parms(XDR *xdrs, struct r_rmtcall_args *cap)
> +
> + static struct rmtcallfd_list *rmthead;
> + static struct rmtcallfd_list *rmttail;
> ++extern unsigned short random_port;
> +
> + int
> + create_rmtcall_fd(struct netconfig *nconf)
> +@@ -503,6 +505,8 @@ create_rmtcall_fd(struct netconfig *nconf)
> + int fd;
> + struct rmtcallfd_list *rmt;
> + SVCXPRT *xprt;
> ++ struct __rpc_sockinfo si;
> ++ struct t_bind taddr;
> +
> + if ((fd = __rpc_nconf2fd(nconf)) == -1) {
> + if (debugging)
> +@@ -511,6 +515,19 @@ create_rmtcall_fd(struct netconfig *nconf)
> + nconf->nc_device, errno);
> + return (-1);
> + }
> ++
> ++ if (random_port) {
> ++ __rpc_fd2sockinfo(fd, &si);
> ++ memset(&taddr, 0, sizeof(taddr));
> ++ taddr.addr.maxlen = taddr.addr.len = si.si_alen;
> ++ taddr.addr.buf = malloc(si.si_alen);
> ++ if (taddr.addr.buf == NULL) {
> ++ return -1;
> ++ }
> ++ *(unsigned short *)(&(taddr.addr.buf[0])) = si.si_af;
> ++ *(unsigned short *)(&(taddr.addr.buf[2])) = htons(random_port);
> ++ xprt = svc_tli_create(fd, nconf, &taddr, RPC_MAXDATASIZE, RPC_MAXDATASIZE);
> ++ } else
> + xprt = svc_tli_create(fd, 0, (struct t_bind *) 0, 0, 0);
> + if (xprt == NULL) {
> + if (debugging)
> +diff --git a/src/rpcbind.c b/src/rpcbind.c
> +index 83dbe93..e82cf45 100644
> +--- a/src/rpcbind.c
> ++++ b/src/rpcbind.c
> +@@ -99,6 +99,7 @@ int runasdaemon = 0;
> + int insecure = 0;
> + int oldstyle_local = 0;
> + int verboselog = 0;
> ++unsigned short random_port = 0;
> +
> + char **hosts = NULL;
> + int nhosts = 0;
> +@@ -748,7 +749,7 @@ parseargs(int argc, char *argv[])
> + {
> + int c;
> + oldstyle_local = 1;
> +- while ((c = getopt(argc, argv, "adh:ilswf")) != -1) {
> ++ while ((c = getopt(argc, argv, "adh:p:ilswf")) != -1) {
> + switch (c) {
> + case 'a':
> + doabort = 1; /* when debugging, do an abort on */
> +@@ -766,6 +767,9 @@ parseargs(int argc, char *argv[])
> + if (hosts[nhosts - 1] == NULL)
> + errx(1, "Out of memory");
> + break;
> ++ case 'p':
> ++ random_port = atoi(optarg);
> ++ break;
> + case 'i':
> + insecure = 1;
> + break;
> diff --git a/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb b/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
> index 89e567b..65351d0 100644
> --- a/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
> +++ b/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
> @@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b46486e4c4a416602693a711bb5bfa39 \
>
> SRC_URI = "${SOURCEFORGE_MIRROR}/rpcbind/rpcbind-${PV}.tar.bz2 \
> file://0001-rpcbind-rpcuser-not-being-set-in-Makefile.am.patch \
> + file://rpcbind_add_option_to_fix_port_number.patch \
> file://init.d \
> ${UCLIBCPATCHES} \
> file://rpcbind.conf \
On 12 August 2014 08:20, Li Wang <li.wang@windriver.com> wrote:
> fix a random port to offer customer an option for select.
I'm curious as to why this is needed.
Ross
Hi, this is a description from customer: ===== customer's description of the problem: " It would seem rcpbind opens a random port. Clearly not the most simple thing to protect with an ipfilter. Opening random ports in privileged port range, among them one port that identifies itself as pop3s, is not a good practice. Both Ericsson and our customers run regular vulnerability assessment tools against our product, and this will clearly be seen as a potential problem. Furthermore, we will not be able to filter the ports, since they are random, and neither will we be able to provide decent answers to our customers. To summarize: this should be taken care of, ie fix rpcbind so that it uses a non random port and/or to bind to a specific interface. ===== Thanks, LiWang. On 08/12/2014 04:41 PM, Burton, Ross wrote: > On 12 August 2014 08:20, Li Wang <li.wang@windriver.com> wrote: >> fix a random port to offer customer an option for select. > I'm curious as to why this is needed. > > Ross
On 12 August 2014 08:20, Li Wang <li.wang@windriver.com> wrote: > ++ } else > + xprt = svc_tli_create(fd, 0, (struct t_bind *) 0, 0, 0); *Please* don't do that, match bracket style instead. Ross
On 12 August 2014 09:44, Li.Wang <Li.Wang@windriver.com> wrote: > Opening random ports in privileged port range, among them one port that > identifies itself as pop3s, is not a good practice. Both Ericsson and > our > customers run regular vulnerability assessment tools against our > product, > and this will clearly be seen as a potential problem. Furthermore, we > will > not be able to filter the ports, since they are random, and neither will > we > be able to provide decent answers to our customers. To summarize: this > should be taken care of, ie fix rpcbind so that it uses a non random > port > and/or to bind to a specific interface. This has been bothering me so I just did some digging. rpcbind opening random ports is rather "misguided" but it appears that passing -s to rpcbind will cause it to drop it's privs and setuid down to "daemon", with the side-effect that it can't open the privileged ports anymore. (source: http://wiki.metawerx.net/wiki/setrpcrandomport) Ross
On 09/05/2014 11:24 PM, Burton, Ross wrote: > On 12 August 2014 09:44, Li.Wang <Li.Wang@windriver.com> wrote: >> Opening random ports in privileged port range, among them one port that >> identifies itself as pop3s, is not a good practice. Both Ericsson and >> our >> customers run regular vulnerability assessment tools against our >> product, >> and this will clearly be seen as a potential problem. Furthermore, we >> will >> not be able to filter the ports, since they are random, and neither will >> we >> be able to provide decent answers to our customers. To summarize: this >> should be taken care of, ie fix rpcbind so that it uses a non random >> port >> and/or to bind to a specific interface. > This has been bothering me so I just did some digging. rpcbind > opening random ports is rather "misguided" but it appears that passing > -s to rpcbind will cause it to drop it's privs and setuid down to > "daemon", with the side-effect that it can't open the privileged ports > anymore. > > (source: http://wiki.metawerx.net/wiki/setrpcrandomport) this way uses dynamic library, and I use command option which insert code to rpcbind. I think our thought are same, but the complements are different. indeed, rpcbind has two random ports: one can be fixed by configure file. the patch is to point at the other one. Thanks, LiWang. > > Ross
Add an option that pins the otherwise random port, so the customer can select a fixed port number. Signed-off-by: Li Wang <li.wang@windriver.com> --- .../rpcbind_add_option_to_fix_port_number.patch | 82 ++++++++++++++++++++ meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb | 1 + 2 files changed, 83 insertions(+) create mode 100644 meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch