[4648] in bugtraq
Re: [SNI-14]: Solaris rpcbind vulnerability
daemon@ATHENA.MIT.EDU (Theo de Raadt)
Mon Jun 9 00:05:56 1997
Date: Sun, 8 Jun 1997 11:48:51 -0600
Reply-To: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
From: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
X-To: Dmitry Kohmanyuk <dk@GENESYSLAB.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Fri, 06 Jun 1997 16:33:25 PDT."
<19970606163325.52797@genesyslab.com>
> On Fri, Jun 06, 1997 at 06:41:22PM +0100, Alan Cox wrote:
> > > A bind() with sin.sin_port == 0 will return a random port in a range
> > > > 1024.
> > > We think this is a big win, though the bugs that are exploitable with
> > > predictable port ranges are quite difficult to play with (and rare).
> >
> > Theo, Linux does likewise - and you also get a performance advantage. However
> > your explanation misses a problem - you may randomly assign port 6000 - which
> > is sort of a well known port for X windows
>
> not if there is a way to specify _port ranges_ for random allocation.
>
> on FreeBSD, those sysctl vars exist:
> net.inet.ip.portrange.lowfirst: 1023
> net.inet.ip.portrange.lowlast: 600
> net.inet.ip.portrange.first: 1024
> net.inet.ip.portrange.last: 5000
> net.inet.ip.portrange.hifirst: 40000
> net.inet.ip.portrange.hilast: 44999
>
> The port is allocated within appropriate one of these ranges.
> Does OpenBSD have the same facility?
net.inet.ip.portfirst = 1024
net.inet.ip.portlast = 5000
net.inet.ip.porthifirst = 40000
net.inet.ip.porthilast = 44999
Problem solved.
