Do not use ports >512 even if configured. (rshd)

[authbind.git] / authbind.1

diff --git a/authbind.1 b/authbind.1
index 10531b59662dcadeeb89c5feed26c1a205e629b5..a7bb5b54ac7960cf244aa83dab7949d65c7ec155 100644 (file)
--- a/authbind.1
+++ b/authbind.1
@@ -35,7 +35,7 @@ You must invoke the program using
 will set up some environment variables, including an
 .BR LD_PRELOAD ,
 which will allow the program (including any subprocesses it may run)
 will set up some environment variables, including an
 .BR LD_PRELOAD ,
 which will allow the program (including any subprocesses it may run)

-to bind to low-numbered (<1024) ports if the system is configured to
+to bind to low-numbered (<512) ports if the system is configured to

 allow this.
 .SH ACCESS CONTROL
 Access to low numbered ports is controlled by permissions and contents
 allow this.
 .SH ACCESS CONTROL
 Access to low numbered ports is controlled by permissions and contents


@@ -201,6 +201,11 @@ to happen and
 signal to be delivered.  Programs should not rely on standard
 libraries not doing these things.
 .PP
 signal to be delivered.  Programs should not rely on standard
 libraries not doing these things.
 .PP

+Ports from 512 to 1023 inclusive cannot be used with
+.B authbind
+because that would create a security hole, in conjection with
+.BR rshd .
+.PP

 The access control configuration scheme is somewhat strange.
 .SH FILES AND ENVIRONMENT VARIABLES
 .TP
 The access control configuration scheme is somewhat strange.
 .SH FILES AND ENVIRONMENT VARIABLES
 .TP