Do not use ports >512 even if configured. (rshd)

diff --git a/Makefile b/Makefile
index cd9e8780244570ef9320ebb978ca746eb6cadd7a..193234882c2548cc96e1c50452cd2b8742b2fc75 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -54,7 +54,7 @@ install:              $(TARGETS)
                install -o root -g root -m 755 -s authbind $(bin_dir)/.
                install -o root -g root -m 755 $(LIBTARGET) $(lib_dir)/.
                strip --strip-unneeded $(lib_dir)/$(LIBTARGET)
-               ln -s $(LIBTARGET) $(lib_dir)/$(LIBCANON)
+               ln -sf $(LIBTARGET) $(lib_dir)/$(LIBCANON)
                install -o root -g root -m 4755 -s helper $(lib_dir)/.
                install -o root -g root -m 755 -d $(etc_dir) \
                        $(etc_dir)/byport $(etc_dir)/byaddr $(etc_dir)/byuid

diff --git a/authbind-helper.8 b/authbind-helper.8
index 55c5e0593ca0155aef7d32e853e523942b375b0d..d45658c7496e3cca3f2004788fb250c7879cc10b 100644 (file)
--- a/authbind-helper.8
+++ b/authbind-helper.8
@@ -49,6 +49,12 @@ leading
 of exactly the right length (8 and 4 digits, respectively), being
 a pairs of hex digits for each byte in the address or port number when
 expressed in network byte order.
+.PP
+.B helper
+will not bind to ports 512 and onwards, because programs like
+.B rshd
+expect these to be used for outgoing connections, so allowing a user
+to bind to one of these would open up security hole(s).
 .SH EXIT STATUS
 .B helper
 will exit with code 0 on success.

diff --git a/authbind.1 b/authbind.1
index 10531b59662dcadeeb89c5feed26c1a205e629b5..a7bb5b54ac7960cf244aa83dab7949d65c7ec155 100644 (file)
--- a/authbind.1
+++ b/authbind.1
@@ -35,7 +35,7 @@ You must invoke the program using
 will set up some environment variables, including an
 .BR LD_PRELOAD ,
 which will allow the program (including any subprocesses it may run)
-to bind to low-numbered (<1024) ports if the system is configured to
+to bind to low-numbered (<512) ports if the system is configured to
 allow this.
 .SH ACCESS CONTROL
 Access to low numbered ports is controlled by permissions and contents
@@ -201,6 +201,11 @@ to happen and
 signal to be delivered.  Programs should not rely on standard
 libraries not doing these things.
 .PP
+Ports from 512 to 1023 inclusive cannot be used with
+.B authbind
+because that would create a security hole, in conjection with
+.BR rshd .
+.PP
 The access control configuration scheme is somewhat strange.
 .SH FILES AND ENVIRONMENT VARIABLES
 .TP

diff --git a/debian/changelog b/debian/changelog
index ac3a5ea1f4ec699a91ea75bf1d6690cd6eb4c97e..bead4e818d6634c8e4ac19d9099f213818ff78ed 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-authbind (1.0-1) experimental; urgency=low
+authbind (1.0) experimental; urgency=low
 
   * Following testing, we can call this 1.0.
 

diff --git a/helper.c b/helper.c
index 5bd95fd24dbc8ed66d6826508cf02ed4f9f45a3d..96892abf476fb4e6dc1925f3d4f518fd1d7c9812 100644 (file)
--- a/helper.c
+++ b/helper.c
@@ -72,6 +72,7 @@ int main(int argc, const char *const *argv) {
   if (argc != 3) badusage(); 
   addr= strtoul(argv[1],&ep,16); if (*ep || addr&~0x0ffffffffUL) badusage();
   port= strtoul(argv[2],&ep,16); if (*ep || port&~0x0ffffUL) badusage();
+  if (port >= IPPORT_RESERVED/2) _exit(EPERM);
 
   if (chdir(CONFIGDIR)) perrorfail("chdir " CONFIGDIR);
 

diff --git a/libauthbind.c b/libauthbind.c
index 0de3d3c58a9169a4affaf94ca1cc7cdc81a12226..3bdd58f9d89b546c2725e49c7d9dcb5d93d19836 100644 (file)
--- a/libauthbind.c
+++ b/libauthbind.c
@@ -80,7 +80,7 @@ int bind(int fd, const struct sockaddr *addr, socklen_t addrlen) {
   int status;
   
   if (addr->sa_family != AF_INET || addrlen != sizeof(struct sockaddr_in) ||
-      ntohs(((struct sockaddr_in*)addr)->sin_port) >= 1024 || !geteuid())
+      ntohs(((struct sockaddr_in*)addr)->sin_port) >= IPPORT_RESERVED/2 || !geteuid())
     return old_bind(fd,addr,addrlen);
 
   if (getenv(AUTHBIND_NESTED_VAR)) {