Subject: bin/7133: portmap needs backward compatibility
To: None <gnats-bugs@gnats.netbsd.org>
From: Matthias Drochner <drochner@zel459.zel.kfa-juelich.de>
List: netbsd-bugs
Date: 03/11/1999 20:43:05
>Number:         7133
>Category:       bin
>Synopsis:       new security features of portmap are not backward-compatible
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Mar 11 11:50:02 1999
>Last-Modified:
>Originator:     Matthias Drochner
>Organization:
	KFA Juelich
>Release:        `date`
>Environment:
	-current
System: NetBSD zelz26 1.3K NetBSD 1.3K (I4B) #59: Tue Mar 9 12:46:21 MET 1999 drochner@zelz26:/ca1/home/drochner/checkout/NetBSD/src.ok/sys/arch/i386/compile/I4B i386


>Description:
	"portmap" accepts SET and UNSET requests only from "loopback" now.
The libc rpc code (get_myaddress()) was changed to submit "loopback"
as originator at the same time. These changes together provide more security
to the RPC framework.
However, existing programs compiled against older libc revisions will submit
a real IP interface address as originator, which will cause portmap to deny
RPC registration.
While "portmap" could be changed to check addresses for locality, I think that
it's sufficient to disable the access control for compatibility if needed.
>How-To-Repeat:
	recent experiences with the 1.3 branch, code inspection
>Fix:
	(compile-tested, not more)

Index: portmap.c
===================================================================
RCS file: /cvsroot/src/usr.sbin/portmap/portmap.c,v
retrieving revision 1.18
diff -c -2 -r1.18 portmap.c
*** portmap.c	1999/01/20 14:12:18	1.18
--- portmap.c	1999/03/11 19:26:40
***************
*** 169,172 ****
--- 169,173 ----
  int runasdaemon = 0;
  int verboselog = 0;
+ int unsecure = 0;
  
  int
***************
*** 181,185 ****
  	struct pmaplist *pml;
  
! 	while ((c = getopt(argc, argv, "dls")) != -1) {
  		switch (c) {
  
--- 182,186 ----
  	struct pmaplist *pml;
  
! 	while ((c = getopt(argc, argv, "dlsu")) != -1) {
  		switch (c) {
  
***************
*** 196,199 ****
--- 197,204 ----
  			break;
  
+ 		case 'u':
+ 			unsecure = 1;
+ 			break;
+ 
  		default:
  			(void) fprintf(stderr, "usage: %s [-d]\n", argv[0]);
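Review bot: The usage string in the `default:` case still reads `usage: %s [-d]\n` and does not mention the `-u` option whose case is added directly above it, so the only runtime hint that the access-control bypass exists is missing. Update the message to list the accepted options together with the new case.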
***************
*** 334,338 ****
  				logit(log_severity, svc_getcaller(xprt),
  				      rqstp->rq_proc, reg.pm_prog, "");
! 			if(!is_loopback(svc_getcaller(xprt))) {
  				ans = 0;
  				goto done;
--- 339,343 ----
  				logit(log_severity, svc_getcaller(xprt),
  				      rqstp->rq_proc, reg.pm_prog, "");
! 			if (!unsecure && !is_loopback(svc_getcaller(xprt))) {
  				ans = 0;
  				goto done;
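Review bot: In the changed `if`, `!unsecure &&` switches the loopback test off for every caller, so with `-u` a request from any remote host passes this check, while the case described in the report only needs callers that present one of this machine's own interface addresses. Consider keeping the check and widening it to local addresses, or at least logging non-loopback requests that are accepted only because `-u` is set.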
***************
*** 392,396 ****
  				logit(log_severity, svc_getcaller(xprt),
  				      rqstp->rq_proc, reg.pm_prog, "");
! 			if(!is_loopback(svc_getcaller(xprt))) {
  				goto done;
  			}
--- 397,401 ----
  				logit(log_severity, svc_getcaller(xprt),
  				      rqstp->rq_proc, reg.pm_prog, "");
! 			if (!unsecure && !is_loopback(svc_getcaller(xprt))) {
  				goto done;
  			}
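Review bot: The condition `!unsecure && !is_loopback(svc_getcaller(xprt))` now appears verbatim here and in the previous hunk. A small helper that answers whether the caller may modify the map would keep the two paths from drifting apart if the policy is tightened later.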
Index: portmap.8
===================================================================
RCS file: /cvsroot/src/usr.sbin/portmap/portmap.8,v
retrieving revision 1.5
diff -c -2 -r1.5 portmap.8
*** portmap.8	1999/01/11 20:51:09	1.5
--- portmap.8	1999/03/11 19:26:40
***************
*** 122,125 ****
--- 122,129 ----
  .Nm
  to connect to services from a privileged port.
+ .It Fl u
+ .Dq unsecure
+ mode. Allows to call PMAPPROC_SET and PMAPPROC_UNSET from any host. This might
+ be necessary for backward compatibility.
  .El
  .Sh SEE ALSO
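Review bot: The new `.It Fl u` text, "Allows to call PMAPPROC_SET and PMAPPROC_UNSET from any host", is ungrammatical and does not say that the option turns off the loopback-only access control. Suggest wording such as "Accept PMAPPROC_SET and PMAPPROC_UNSET requests from any host instead of only from the loopback address", followed by a sentence stating that this removes the protection and should be used only where older binaries require it.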

>Audit-Trail:
>Unformatted:
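
The Description mentions that portmap could check caller addresses for locality instead of disabling the access control. One way to sketch that check is shown below as an added example; it is not part of the submitted patch or of NetBSD's portmap, and the names `addr_is_local`, `collect_local_addrs`, `set_unset_allowed` and `MAX_LOCAL` are hypothetical. It assumes IPv4 only and a system that provides getifaddrs().

```c
/* Added example: hypothetical locality check, not NetBSD portmap code. */
#include <stddef.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <ifaddrs.h>

#define MAX_LOCAL 64	/* assumed upper bound on interface addresses */

/* Policy: accept 127.0.0.0/8 or an exact match with a local interface address. */
int addr_is_local(struct in_addr caller, const struct in_addr *local, size_t n)
{
	size_t i;

	if ((ntohl(caller.s_addr) >> 24) == 127)
		return 1;
	for (i = 0; i < n; i++)
		if (local[i].s_addr == caller.s_addr)
			return 1;
	return 0;
}

/* Collect this host's IPv4 interface addresses; returns the count, -1 on error. */
int collect_local_addrs(struct in_addr *out, size_t max)
{
	struct ifaddrs *ifap, *ifa;
	size_t n = 0;

	if (getifaddrs(&ifap) == -1)
		return -1;
	for (ifa = ifap; ifa != NULL && n < max; ifa = ifa->ifa_next) {
		if (ifa->ifa_addr == NULL || ifa->ifa_addr->sa_family != AF_INET)
			continue;
		out[n++] = ((struct sockaddr_in *)ifa->ifa_addr)->sin_addr;
	}
	freeifaddrs(ifap);
	return (int)n;
}

/* Gate for SET/UNSET: if the interface list is unreadable, only loopback passes. */
int set_unset_allowed(const struct sockaddr_in *caller)
{
	struct in_addr local[MAX_LOCAL];
	int n = collect_local_addrs(local, MAX_LOCAL);

	return addr_is_local(caller->sin_addr, local, n < 0 ? 0 : (size_t)n);
}
```

Source addresses of UDP requests can be forged, so this check is only as strong as the host's filtering of inbound packets that claim one of its own addresses.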