diff options
author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2000-07-31 17:28:27 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2000-07-31 17:28:27 +0000 |
commit | f15f086ada58bbf454548427403d2f12094c1cbb (patch) | |
tree | 4d0e3104fa3d59bc7d4c7bb968bf30050adb09e1 | |
parent | 52322c4f91aebe0a80559a1fe4ade0a3839c4ae2 (diff) |
before, we blocked non-root from changing mappings pointed at reserved ports.
Now, block non-root from setting them up in the first place.
Also, check that pm_port is not > 65536
-rw-r--r-- | usr.sbin/portmap/portmap.c | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/usr.sbin/portmap/portmap.c b/usr.sbin/portmap/portmap.c index 89fadf6c564..e01b03d4ac7 100644 --- a/usr.sbin/portmap/portmap.c +++ b/usr.sbin/portmap/portmap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: portmap.c,v 1.17 2000/07/31 17:27:11 deraadt Exp $ */ +/* $OpenBSD: portmap.c,v 1.18 2000/07/31 17:28:26 deraadt Exp $ */ /*- * Copyright (c) 1996, 1997 Theo de Raadt (OpenBSD). All rights reserved. @@ -44,7 +44,7 @@ char copyright[] = #if 0 static char sccsid[] = "from: @(#)portmap.c 5.4 (Berkeley) 4/19/91"; #else -static char rcsid[] = "$OpenBSD: portmap.c,v 1.17 2000/07/31 17:27:11 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: portmap.c,v 1.18 2000/07/31 17:28:26 deraadt Exp $"; #endif #endif /* not lint */ @@ -331,11 +331,22 @@ reg_service(rqstp, xprt) goto done; } - /* check if secure */ - if (fnd && (fnd->pml_map.pm_port < IPPORT_RESERVED || - fnd->pml_map.pm_port == NFS_PORT) && + if (debugging) + printf("set: prog %u vers %u port %u\n", + reg.pm_prog, reg.pm_vers, reg.pm_port); + + if (reg.pm_port & ~0xffff) + goto done; + + /* + * only permit localhost root to create + * mappings pointing at sensitive ports + */ + if ((reg.pm_port < IPPORT_RESERVED || + reg.pm_port == NFS_PORT) && htons(fromsin->sin_port) >= IPPORT_RESERVED) { - syslog(LOG_WARNING, "resvport set attempt by non-root"); + syslog(LOG_WARNING, + "resvport set attempt by non-root"); goto done; } |