Subject: Re: bin/35479: /usr/sbin/timedc fails
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, djv@bedford.net>
From: Woodchuck <djv@bedford.net>
List: netbsd-bugs
Date: 01/25/2007 22:35:02

The following reply was made to PR bin/35479; it has been noted by GNATS.

From: Woodchuck <djv@bedford.net>
To: gnats-bugs@NetBSD.org
Cc: netbsd-bugs@NetBSD.org
Subject: Re: bin/35479: /usr/sbin/timedc fails
Date: Thu, 25 Jan 2007 17:28:53 -0500 (EST)

On Thu, 25 Jan 2007, Christian Biere wrote:
> The following reply was made to PR bin/35479; it has been noted by GNATS.
>
> From: Christian Biere <christianbiere@gmx.de>
> To: gnats-bugs@NetBSD.org, netbsd-bugs@NetBSD.org
> Cc:
> Subject: Re: bin/35479: /usr/sbin/timedc fails
> Date: Thu, 25 Jan 2007 23:16:21 +0100
>
> Woodchuck wrote:
> > In other words, the OpenBSD hosts are *rejecting* a connection attempt
> > from a privileged socket. That makes a certain kind of paranoid sense.
>
> I don't see any such checks in code. Are you sure it's not just the
> firewall? Also packets from unprivileged ports are certainly not more
> trustworthy than those from privileged ports. If you want to differ at
> all then it's rather vice-versa.

Here are some tcpdumps, jezebel is a NetBSD host, rachel is OpenBSD.
Pequod is an OpenBSD host. All are on the same ethernet, no firewalls
involved.

With timedc with htons, i.e. as-is after the other fix:
NetBSD sending from privileged port, OpenBSD not responding.

17:17:04.053285 IP rachel.chuck > jezebel.chuck: icmp 28: time stamp reply id 36188 seq 35840 : org 0x4c81f35 recv 0x4c81f17 xmit 0x4c81f17
17:17:04.053480 IP jezebel.chuck > rachel.chuck: icmp 28: time stamp query id 36188 seq 38400
17:17:04.053575 IP rachel.chuck > jezebel.chuck: icmp 28: time stamp reply id 36188 seq 38400 : org 0x4c81f35 recv 0x4c81f17 xmit 0x4c81f17
17:17:04.053756 IP jezebel.chuck.1023 > rachel.chuck.time: UDP, length: 4
17:17:06.059611 IP jezebel.chuck.1023 > rachel.chuck.time: UDP, length: 4
17:17:08.069645 IP jezebel.chuck.1023 > rachel.chuck.time: UDP, length: 4
17:17:10.079674 IP jezebel.chuck.1023 > rachel.chuck.time: UDP, length: 4

Without htons, i.e. with the BAD FIX:
Jezebel (NetBSD) sends from 65283, OpenBSD rachel responds.

17:18:10.328872 IP rachel.chuck > jezebel.chuck: icmp 28: time stamp reply id 21609 seq 35840 : org 0x4c92218 recv 0x4c92219 xmit 0x4c92219
17:18:10.329068 IP jezebel.chuck > rachel.chuck: icmp 28: time stamp query id 21609 seq 38400
17:18:10.329234 IP rachel.chuck > jezebel.chuck: icmp 28: time stamp reply id 21609 seq 38400 : org 0x4c92219 recv 0x4c92219 xmit 0x4c92219
17:18:10.329416 IP jezebel.chuck.65283 > rachel.chuck.time: UDP, length: 4
17:18:10.329644 IP rachel.chuck.time > jezebel.chuck.65283: UDP, length: 4

From pequod (OpenBSD) to rachel (OpenBSD):
Unprivileged port 19113 is selected.

17:19:58.378961 IP pequod.chuck > rachel.chuck: icmp 28: time stamp query id 21006 seq 38400
17:19:58.379070 IP rachel.chuck > pequod.chuck: icmp 28: time stamp reply id 21006 seq 38400 : org 0x4cac819 recv 0x4cac81b xmit 0x4cac81b
17:19:58.379144 IP pequod.chuck.19113 > rachel.chuck.time: UDP, length: 4
17:19:58.379314 IP rachel.chuck.time > pequod.chuck.19113: UDP, length: 4

As for security, I have only a dim recollection, so will not rely
upon it or even report what it is. But for some reason, they are
rejecting the connection from 1023.

> > I notice that timedc is setuid 0 on NetBSD, (obviously, to get that
> > privileged socket), but is not setuid on OpenBSD (which uses an unprivileged
> > one).
>
> No, it's not just for this socket but rather for the raw socket.

OK. OpenBSD fails for unprivileged user for the raw socket reason.

> > If an unprivileged socket is appropriate, then NetBSD could also
> > lose the setuid property, generally a good thing to lose if unnecessary.
>
> Can you use timedc as non-root on OpenBSD at all? I would think there's no
> need to but I doubt not dropping privileges at all is better.

Will not start for unprivileged user. A sudo-er could use it.
(actual fresh experiments, not from my fuzzy memory.) I will make
inquiry at OpenBSD for their reasons for rejecting privileged connections,
and report to you here.

Dave
--
The law has converted plunder into a right and lawful defense
into a crime. -- Frederic Bastiat, 1850
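
Added example, not part of the original message or of timedc: it tallies the UDP time-service queries and replies in the three captures above per client source port, flags ports below IPPORT_RESERVED, and shows that 65283 is 1023 with its two bytes swapped, which is what a port stored without htons() looks like on the wire from a little-endian host. The function names and the CAPTURES layout are assumptions of this example; the UDP lines are copied from the message.

```python
import re

# UDP lines copied from the three captures in the message above.
CAPTURES = {
    "with htons (jezebel -> rachel)": """\
17:17:04.053756 IP jezebel.chuck.1023 > rachel.chuck.time: UDP, length: 4
17:17:06.059611 IP jezebel.chuck.1023 > rachel.chuck.time: UDP, length: 4
17:17:08.069645 IP jezebel.chuck.1023 > rachel.chuck.time: UDP, length: 4
17:17:10.079674 IP jezebel.chuck.1023 > rachel.chuck.time: UDP, length: 4
""",
    "without htons (jezebel -> rachel)": """\
17:18:10.329416 IP jezebel.chuck.65283 > rachel.chuck.time: UDP, length: 4
17:18:10.329644 IP rachel.chuck.time > jezebel.chuck.65283: UDP, length: 4
""",
    "pequod -> rachel": """\
17:19:58.379144 IP pequod.chuck.19113 > rachel.chuck.time: UDP, length: 4
17:19:58.379314 IP rachel.chuck.time > pequod.chuck.19113: UDP, length: 4
""",
}

LINE = re.compile(r"^\S+ IP (\S+)\.(\w+) > (\S+)\.(\w+): UDP, length: \d+$")
IPPORT_RESERVED = 1024  # ports below this traditionally need root to bind


def swap16(port):
    """Byte-swap a 16-bit port: the effect of omitting htons() on little-endian."""
    return ((port & 0xFF) << 8) | (port >> 8)


def summarize(text):
    """Return {(client, port): [queries, replies]} for traffic to the time service."""
    flows = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ICMP timestamp lines and anything else are ignored
        src, sport, dst, dport = m.groups()
        if dport == "time" and sport.isdigit():      # query: client -> server
            flows.setdefault((src, int(sport)), [0, 0])[0] += 1
        elif sport == "time" and dport.isdigit():    # reply: server -> client
            flows.setdefault((dst, int(dport)), [0, 0])[1] += 1
    return flows


def report():
    """Rows of (capture, client, port, reserved?, queries, replies)."""
    return [(name, host, port, port < IPPORT_RESERVED, q, r)
            for name, text in CAPTURES.items()
            for (host, port), (q, r) in summarize(text).items()]
```

Calling `report()` gives one row per client source port; only the flow from reserved port 1023 shows queries with no reply.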