[4645] in bugtraq
Re: [SNI-14]: Solaris rpcbind vulnerability
daemon@ATHENA.MIT.EDU (Dmitry Kohmanyuk)
Sat Jun 7 14:39:10 1997
Date: Fri, 6 Jun 1997 16:33:25 -0700
Reply-To: Dmitry Kohmanyuk <dk@GENESYSLAB.COM>
From: Dmitry Kohmanyuk <dk@GENESYSLAB.COM>
X-To: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <m0wa30t-0005FdC@lightning.swansea.linux.org.uk>; from Alan Cox
on Fri, Jun 06, 1997 at 06:41:22PM +0100
On Fri, Jun 06, 1997 at 06:41:22PM +0100, Alan Cox wrote:
> > A bind() with sin.sin_port == 0 will return a random port in a range
> > > 1024.
> > We think this is a big win, though the bugs that are exploitable with
> > predictable port ranges are quite difficult to play with (and rare).
>
> Theo, Linux does likewise - and you also get a performance advantage. However
> your explanation misses a problem - you may randomly assign port 6000 - which
> is sort of a well known port for X windows
not if there is a way to specify _port ranges_ for random allocation.
on FreeBSD, those sysctl vars exist:
net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 1024
net.inet.ip.portrange.last: 5000
net.inet.ip.portrange.hifirst: 40000
net.inet.ip.portrange.hilast: 44999
The port is allocated within appropriate one of these ranges.
Does OpenBSD have the same facility?
