Do not use ports >512 even if configured. (rshd)

diff --git a/Makefile b/Makefile
index cd9e8780244570ef9320ebb978ca746eb6cadd7a..193234882c2548cc96e1c50452cd2b8742b2fc75 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -54,7 +54,7 @@ install:              $(TARGETS)
                install -o root -g root -m 755 -s authbind $(bin_dir)/.
                install -o root -g root -m 755 $(LIBTARGET) $(lib_dir)/.
                strip --strip-unneeded $(lib_dir)/$(LIBTARGET)
                install -o root -g root -m 755 -s authbind $(bin_dir)/.
                install -o root -g root -m 755 $(LIBTARGET) $(lib_dir)/.
                strip --strip-unneeded $(lib_dir)/$(LIBTARGET)

-               ln -s $(LIBTARGET) $(lib_dir)/$(LIBCANON)
+               ln -sf $(LIBTARGET) $(lib_dir)/$(LIBCANON)

                install -o root -g root -m 4755 -s helper $(lib_dir)/.
                install -o root -g root -m 755 -d $(etc_dir) \
                        $(etc_dir)/byport $(etc_dir)/byaddr $(etc_dir)/byuid
                install -o root -g root -m 4755 -s helper $(lib_dir)/.
                install -o root -g root -m 755 -d $(etc_dir) \
                        $(etc_dir)/byport $(etc_dir)/byaddr $(etc_dir)/byuid

diff --git a/authbind-helper.8 b/authbind-helper.8
index 55c5e0593ca0155aef7d32e853e523942b375b0d..d45658c7496e3cca3f2004788fb250c7879cc10b 100644 (file)
--- a/authbind-helper.8
+++ b/authbind-helper.8
@@ -49,6 +49,12 @@ leading
 of exactly the right length (8 and 4 digits, respectively), being
 a pairs of hex digits for each byte in the address or port number when
 expressed in network byte order.
 of exactly the right length (8 and 4 digits, respectively), being
 a pairs of hex digits for each byte in the address or port number when
 expressed in network byte order.

+.PP
+.B helper
+will not bind to ports 512 and onwards, because programs like
+.B rshd
+expect these to be used for outgoing connections, so allowing a user
+to bind to one of these would open up security hole(s).

 .SH EXIT STATUS
 .B helper
 will exit with code 0 on success.
 .SH EXIT STATUS
 .B helper
 will exit with code 0 on success.

diff --git a/authbind.1 b/authbind.1
index 10531b59662dcadeeb89c5feed26c1a205e629b5..a7bb5b54ac7960cf244aa83dab7949d65c7ec155 100644 (file)
--- a/authbind.1
+++ b/authbind.1
@@ -35,7 +35,7 @@ You must invoke the program using
 will set up some environment variables, including an
 .BR LD_PRELOAD ,
 which will allow the program (including any subprocesses it may run)
 will set up some environment variables, including an
 .BR LD_PRELOAD ,
 which will allow the program (including any subprocesses it may run)

-to bind to low-numbered (<1024) ports if the system is configured to
+to bind to low-numbered (<512) ports if the system is configured to

 allow this.
 .SH ACCESS CONTROL
 Access to low numbered ports is controlled by permissions and contents
 allow this.
 .SH ACCESS CONTROL
 Access to low numbered ports is controlled by permissions and contents


@@ -201,6 +201,11 @@ to happen and
 signal to be delivered.  Programs should not rely on standard
 libraries not doing these things.
 .PP
 signal to be delivered.  Programs should not rely on standard
 libraries not doing these things.
 .PP

+Ports from 512 to 1023 inclusive cannot be used with
+.B authbind
+because that would create a security hole, in conjection with
+.BR rshd .
+.PP

 The access control configuration scheme is somewhat strange.
 .SH FILES AND ENVIRONMENT VARIABLES
 .TP
 The access control configuration scheme is somewhat strange.
 .SH FILES AND ENVIRONMENT VARIABLES
 .TP

diff --git a/debian/changelog b/debian/changelog
index ac3a5ea1f4ec699a91ea75bf1d6690cd6eb4c97e..bead4e818d6634c8e4ac19d9099f213818ff78ed 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-authbind (1.0-1) experimental; urgency=low
+authbind (1.0) experimental; urgency=low

 
   * Following testing, we can call this 1.0.
 
 
   * Following testing, we can call this 1.0.
 

diff --git a/helper.c b/helper.c
index 5bd95fd24dbc8ed66d6826508cf02ed4f9f45a3d..96892abf476fb4e6dc1925f3d4f518fd1d7c9812 100644 (file)
--- a/helper.c
+++ b/helper.c
@@ -72,6 +72,7 @@ int main(int argc, const char *const *argv) {
   if (argc != 3) badusage(); 
   addr= strtoul(argv[1],&ep,16); if (*ep || addr&~0x0ffffffffUL) badusage();
   port= strtoul(argv[2],&ep,16); if (*ep || port&~0x0ffffUL) badusage();
   if (argc != 3) badusage(); 
   addr= strtoul(argv[1],&ep,16); if (*ep || addr&~0x0ffffffffUL) badusage();
   port= strtoul(argv[2],&ep,16); if (*ep || port&~0x0ffffUL) badusage();

+  if (port >= IPPORT_RESERVED/2) _exit(EPERM);

 
   if (chdir(CONFIGDIR)) perrorfail("chdir " CONFIGDIR);
 
 
   if (chdir(CONFIGDIR)) perrorfail("chdir " CONFIGDIR);
 

diff --git a/libauthbind.c b/libauthbind.c
index 0de3d3c58a9169a4affaf94ca1cc7cdc81a12226..3bdd58f9d89b546c2725e49c7d9dcb5d93d19836 100644 (file)
--- a/libauthbind.c
+++ b/libauthbind.c
@@ -80,7 +80,7 @@ int bind(int fd, const struct sockaddr *addr, socklen_t addrlen) {
   int status;
   
   if (addr->sa_family != AF_INET || addrlen != sizeof(struct sockaddr_in) ||
   int status;
   
   if (addr->sa_family != AF_INET || addrlen != sizeof(struct sockaddr_in) ||

-      ntohs(((struct sockaddr_in*)addr)->sin_port) >= 1024 || !geteuid())
+      ntohs(((struct sockaddr_in*)addr)->sin_port) >= IPPORT_RESERVED/2 || !geteuid())

     return old_bind(fd,addr,addrlen);
 
   if (getenv(AUTHBIND_NESTED_VAR)) {
     return old_bind(fd,addr,addrlen);
 
   if (getenv(AUTHBIND_NESTED_VAR)) {