Subject: kern/2671: privileged ports bogosity
To: None <gnats-bugs@NetBSD.ORG>
From: None <ndd2@columbia.edu>
List: netbsd-bugs
Date: 08/02/1996 12:26:18
>Number:         2671
>Category:       kern
>Synopsis:       patch to allow binds on privileged ports
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Fri Aug  2 16:50:01 1996
>Last-Modified:
>Originator:     Nathaniel D. Daw
>Organization:
Piermont Information Systems
>Release:        NetBSD 1.2_BETA Aug. 2, 1996
>Environment:
System: NetBSD nat.philo.org 1.2_BETA NetBSD 1.2_BETA (NAT2) #21: Fri Aug 2 10:04:22 EDT 1996 nat@dialup227.cc.columbia.edu:/usr/src/sys/arch/i386/compile/NAT2 i386


>Description:
	That non-root processes can't bind to privileged ports is
	(a) more or less useless from a network security perspective
	in many environments (for instance since you can't in general
	trust root on foreign machines anyway) and (b) very dangerous
	to security to the extent that it forces daemons which would
	otherwise be able to run non-privileged to be run as root.
	Workarounds like binding as root and then relinquishing privilege
	are often ignored and can lead to race conditions and other problems.
	Since the feature is of dubious utility anyway, I suggest it be
	configurable.
>How-To-Repeat:
	try running, say, ftpd as non-root.
>Fix:
	The following trivial patch to src/sys/netinet/in_pcb.c adds a
	kernel config option NOPRIVPORTS.
	
	"options NOPRIVPORTS" in your config disables the UID check
	on binds.

	
*** in_pcb.c.orig       Fri Aug  2 09:51:08 1996
--- in_pcb.c    Fri Aug  2 09:55:08 1996
***************
*** 150,158 ****
                if (lport) {
                        struct inpcb *t;
! 
                        /* GROSS */
                        if (ntohs(lport) < IPPORT_RESERVED &&
                            (error = suser(p->p_ucred, &p->p_acflag)))
                                return (EACCES);
                        t = in_pcblookup(table, zeroin_addr, 0,
                            sin->sin_addr, lport, wild);
--- 150,159 ----
                if (lport) {
                        struct inpcb *t;
! #ifndef NOPRIVPORTS
                        /* GROSS */
                        if (ntohs(lport) < IPPORT_RESERVED &&
                            (error = suser(p->p_ucred, &p->p_acflag)))
                                return (EACCES);
+ #endif
                        t = in_pcblookup(table, zeroin_addr, 0,
                            sin->sin_addr, lport, wild);
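
Review bot: the #ifndef NOPRIVPORTS / #endif pair compiles out the suser() test for every process and every port below IPPORT_RESERVED, fixed at kernel build time, and nothing at the site says so. Add a comment at the #ifndef line stating what the option disables, document "options NOPRIVPORTS" next to the other kernel config options, and consider a narrower control (a run-time setting, or a configurable port bound instead of IPPORT_RESERVED) so a site can relax the check without removing it entirely. Separately, the retained check stores the suser() result in error but then returns a hard-coded EACCES; returning one or the other consistently would make the intent clearer.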
>Audit-Trail:
>Unformatted: