[OE-core] [PATCH] rpcbind: add option to fix port number
Burton, Ross
ross.burton at intel.com
Fri Sep 5 15:24:25 UTC 2014
On 12 August 2014 09:44, Li.Wang <Li.Wang at windriver.com> wrote:
> Opening random ports in privileged port range, among them one port that
> identifies itself as pop3s, is not a good practice. Both Ericsson and our
> customers run regular vulnerability assessment tools against our product,
> and this will clearly be seen as a potential problem. Furthermore, we will
> not be able to filter the ports, since they are random, and neither will we
> be able to provide decent answers to our customers. To summarize: this
> should be taken care of, i.e. fix rpcbind so that it uses a non-random port
> and/or to bind to a specific interface.
This has been bothering me so I just did some digging. rpcbind
opening random ports is rather "misguided" but it appears that passing
-s to rpcbind will cause it to drop its privs and setuid down to
"daemon", with the side-effect that it can't open the privileged ports
anymore.
(source: http://wiki.metawerx.net/wiki/setrpcrandomport)
Ross
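
A way to check a target for the behaviour discussed in this thread, added here as an example and not part of the original messages or of the OE-core patch: the function below reads socket listings in the format printed by `ss -H -tulnp` (iproute2) and reports every privileged port held by rpcbind other than its well-known port 111. The function name and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: report rpcbind sockets on privileged ports other than 111.
# Input format: one socket per line, as printed by `ss -H -tulnp`.

RPCBIND_PORT=111   # well-known rpcbind/portmapper port, expected to be open

# Reads ss lines on stdin, prints "proto port" once per unexpected socket.
rpcbind_unexpected_ports() {
    awk -v keep="$RPCBIND_PORT" '
        # Skip sockets not owned by a process named rpcbind.
        index($0, "(\"rpcbind\",") == 0 { next }
        {
            # Column 5 is local address:port; the port is the last
            # ":"-separated field, which also handles [::]:111.
            n = split($5, parts, ":")
            port = parts[n] + 0
            if (port < 1024 && port != keep) print $1, port
        }
    ' | sort -u
}

# Constructed sample listing (not captured from a real system). Port 995
# stands in for the random privileged port that scanners label as pop3s.
sample_ss_output() {
    cat <<'EOF'
udp UNCONN 0 0   0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=612,fd=6))
udp UNCONN 0 0   0.0.0.0:995 0.0.0.0:* users:(("rpcbind",pid=612,fd=7))
udp UNCONN 0 0      [::]:111    [::]:* users:(("rpcbind",pid=612,fd=9))
udp UNCONN 0 0      [::]:995    [::]:* users:(("rpcbind",pid=612,fd=10))
tcp LISTEN 0 128 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=612,fd=8))
tcp LISTEN 0 128 0.0.0.0:22  0.0.0.0:* users:(("sshd",pid=700,fd=3))
EOF
}

# On a live system (run as root so -p can show process names):
#   ss -H -tulnp | rpcbind_unexpected_ports
sample_ss_output | rpcbind_unexpected_ports
```

An empty result after a configuration change means rpcbind holds no privileged port besides 111.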