From ced277da933eb4aeb199ee534cfe9a15804061cc Mon Sep 17 00:00:00 2001 From: ian Date: Sun, 30 Aug 1998 03:07:34 +0000 Subject: [PATCH] Do not use ports >512 even if configured. (rshd) --- Makefile | 2 +- authbind-helper.8 | 6 ++++++ authbind.1 | 7 ++++++- debian/changelog | 2 +- helper.c | 1 + libauthbind.c | 2 +- 6 files changed, 16 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index cd9e878..1932348 100644 --- a/Makefile +++ b/Makefile @@ -54,7 +54,7 @@ install: $(TARGETS) install -o root -g root -m 755 -s authbind $(bin_dir)/. install -o root -g root -m 755 $(LIBTARGET) $(lib_dir)/. strip --strip-unneeded $(lib_dir)/$(LIBTARGET) - ln -s $(LIBTARGET) $(lib_dir)/$(LIBCANON) + ln -sf $(LIBTARGET) $(lib_dir)/$(LIBCANON) install -o root -g root -m 4755 -s helper $(lib_dir)/. install -o root -g root -m 755 -d $(etc_dir) \ $(etc_dir)/byport $(etc_dir)/byaddr $(etc_dir)/byuid diff --git a/authbind-helper.8 b/authbind-helper.8 index 55c5e05..d45658c 100644 --- a/authbind-helper.8 +++ b/authbind-helper.8 @@ -49,6 +49,12 @@ leading of exactly the right length (8 and 4 digits, respectively), being a pairs of hex digits for each byte in the address or port number when expressed in network byte order. +.PP +.B helper +will not bind to ports 512 and onwards, because programs like +.B rshd +expect these to be used for outgoing connections, so allowing a user +to bind to one of these would open up security hole(s). .SH EXIT STATUS .B helper will exit with code 0 on success. diff --git a/authbind.1 b/authbind.1 index 10531b5..a7bb5b5 100644 --- a/authbind.1 +++ b/authbind.1 @@ -35,7 +35,7 @@ You must invoke the program using will set up some environment variables, including an .BR LD_PRELOAD , which will allow the program (including any subprocesses it may run) -to bind to low-numbered (<1024) ports if the system is configured to +to bind to low-numbered (<512) ports if the system is configured to allow this. .SH ACCESS CONTROL Access to low numbered ports is controlled by permissions and contents @@ -201,6 +201,11 @@ to happen and signal to be delivered. Programs should not rely on standard libraries not doing these things. .PP +Ports from 512 to 1023 inclusive cannot be used with +.B authbind +because that would create a security hole, in conjection with +.BR rshd . +.PP The access control configuration scheme is somewhat strange. .SH FILES AND ENVIRONMENT VARIABLES .TP diff --git a/debian/changelog b/debian/changelog index ac3a5ea..bead4e8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -authbind (1.0-1) experimental; urgency=low +authbind (1.0) experimental; urgency=low * Following testing, we can call this 1.0. diff --git a/helper.c b/helper.c index 5bd95fd..96892ab 100644 --- a/helper.c +++ b/helper.c @@ -72,6 +72,7 @@ int main(int argc, const char *const *argv) { if (argc != 3) badusage(); addr= strtoul(argv[1],&ep,16); if (*ep || addr&~0x0ffffffffUL) badusage(); port= strtoul(argv[2],&ep,16); if (*ep || port&~0x0ffffUL) badusage(); + if (port >= IPPORT_RESERVED/2) _exit(EPERM); if (chdir(CONFIGDIR)) perrorfail("chdir " CONFIGDIR); diff --git a/libauthbind.c b/libauthbind.c index 0de3d3c..3bdd58f 100644 --- a/libauthbind.c +++ b/libauthbind.c @@ -80,7 +80,7 @@ int bind(int fd, const struct sockaddr *addr, socklen_t addrlen) { int status; if (addr->sa_family != AF_INET || addrlen != sizeof(struct sockaddr_in) || - ntohs(((struct sockaddr_in*)addr)->sin_port) >= 1024 || !geteuid()) + ntohs(((struct sockaddr_in*)addr)->sin_port) >= IPPORT_RESERVED/2 || !geteuid()) return old_bind(fd,addr,addrlen); if (getenv(AUTHBIND_NESTED_VAR)) { -- 2.30.2