Why I can't bind the 1023 port?

linuxppc-dev.lists.ozlabs.org archive mirror
 help / color / mirror / Atom feed

* Why I can't bind the 1023 port?
@ 2002-06-11  2:18 Daniel Lao
  2002-06-10 19:42 ` Owen Stampflee
  2002-06-11  2:38 ` [OT] " Bastien Nocera
  0 siblings, 2 replies; 5+ messages in thread
From: Daniel Lao @ 2002-06-11  2:18 UTC (permalink / raw)
  To: linuxppc-dev

I recently met some trouble with the "rcp" command. My "rcp" could not work
even if I have correctly configure the remote host.
When I run rcp in my local host, it print "Permission deny" to the terminal.

So I re-compiled rcp and debugged it by GDB. I found that it fail while tried to
bind the 1023 port for connecting with the remote rshd.

I though the 1023 port might be protected, and I wrote a program as below:

--- begin ---
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <errno.h>
extern int errno;

int main (int argc, char **argv)
{
    int s, rv;
    unsigned short port = 1023;
    struct sockaddr_in sin;

    s = socket (AF_INET, SOCK_STREAM, 0);
    if (s < 0)
    {
        perror ("socket");
        return errno;
    }

    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = INADDR_ANY;
    sin.sin_port = htons (port);
    rv = bind (s, (struct sockaddr *) &sin, sizeof (sin));
    if (rv < 0)
    {
        perror ("bind");
        return errno;
    }
}

--- end ---

The running result was that I could not bind these ports: 1023, 1022, ...
but it was success in bind 1024 port.
And while I su to as the super-user, I could bind all these ports!
I am wondering if the ports were really protected, and how can I use the ports?

Should anyone be kind to give me some advise?
:)

---
Daniel Lao
2002-06-11 10:17:58

** Sent via the linuxppc-dev mail list. See http://lists.linuxppc.org/

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Why I can't bind the 1023 port?
  2002-06-11  2:18 Why I can't bind the 1023 port? Daniel Lao
@ 2002-06-10 19:42 ` Owen Stampflee
  2002-06-11  8:02   ` Ethan Benson
  2002-06-11  2:38 ` [OT] " Bastien Nocera
  1 sibling, 1 reply; 5+ messages in thread
From: Owen Stampflee @ 2002-06-10 19:42 UTC (permalink / raw)
  To: Daniel Lao; +Cc: linuxppc-dev


On Tue, 2002-06-11 at 02:18, Daniel Lao wrote:
> The running result was that I could not bind these ports: 1023, 1022, ...
> but it was success in bind 1024 port.
> And while I su to as the super-user, I could bind all these ports!
> I am wondering if the ports were really protected, and how can I use the ports?

Yes, ports < 1024 are reserved ports for "public" applications and only
the superuser can bind them. To use them, you need to be a superuser. I
am not familar with rcp (I would use scp even for local transfers) but
it should be able to run on another port.

Owen

--
Owen Stampflee - owen@penguinppc.org
http://penguinppc.org/~owen


** Sent via the linuxppc-dev mail list. See http://lists.linuxppc.org/

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Why I can't bind the 1023 port?
  2002-06-10 19:42 ` Owen Stampflee
@ 2002-06-11  8:02   ` Ethan Benson
  0 siblings, 0 replies; 5+ messages in thread
From: Ethan Benson @ 2002-06-11  8:02 UTC (permalink / raw)
  To: linuxppc-dev


On Mon, Jun 10, 2002 at 07:42:37PM +0000, Owen Stampflee wrote:
>
> On Tue, 2002-06-11 at 02:18, Daniel Lao wrote:
> > The running result was that I could not bind these ports: 1023, 1022, ...
> > but it was success in bind 1024 port.
> > And while I su to as the super-user, I could bind all these ports!
> > I am wondering if the ports were really protected, and how can I use the ports?
>
> Yes, ports < 1024 are reserved ports for "public" applications and only
> the superuser can bind them. To use them, you need to be a superuser. I
> am not familar with rcp (I would use scp even for local transfers) but
> it should be able to run on another port.

no it can't, thats why rcp must always be suid root, the entire
no-security model behind rcp/rlogin etc is `if its connecting *from* a
privileged port it can't lie to us about the user its trying to
connect as so we allow the connection'

obviously this is completly flawed model and why you should use ssh/scp
and not rcp/rlogin.

--
Ethan Benson
http://www.alaska.net/~erbenson/

** Sent via the linuxppc-dev mail list. See http://lists.linuxppc.org/

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [OT] Re: Why I can't bind the 1023 port?
  2002-06-11  2:18 Why I can't bind the 1023 port? Daniel Lao
  2002-06-10 19:42 ` Owen Stampflee
@ 2002-06-11  2:38 ` Bastien Nocera
  1 sibling, 0 replies; 5+ messages in thread
From: Bastien Nocera @ 2002-06-11  2:38 UTC (permalink / raw)
  To: Daniel Lao; +Cc: linuxppc-dev@lists.linuxppc.org


On Tue, 2002-06-11 at 03:18, Daniel Lao wrote:
>
> I recently met some trouble with the "rcp" command. My "rcp" could not work
> even if I have correctly configure the remote host.
> When I run rcp in my local host, it print "Permission deny" to the terminal.
>
> So I re-compiled rcp and debugged it by GDB. I found that it fail while tried to
> bind the 1023 port for connecting with the remote rshd.
>
> I though the 1023 port might be protected, and I wrote a program as below:
<snip>
> The running result was that I could not bind these ports: 1023, 1022, ...
> but it was success in bind 1024 port.
> And while I su to as the super-user, I could bind all these ports!
> I am wondering if the ports were really protected, and how can I use the ports?
>
> Should anyone be kind to give me some advise?
> :)

ports < 1024 are reserved to the super-user. This is clearly very much
off topic btw.

Cheers

--
/Bastien Nocera
http://hadess.net

** Sent via the linuxppc-dev mail list. See http://lists.linuxppc.org/

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Why I can't bind the 1023 port?
@ 2002-06-11  3:20 Daniel Lao
  0 siblings, 0 replies; 5+ messages in thread
From: Daniel Lao @ 2002-06-11  3:20 UTC (permalink / raw)
  To: linuxppc-dev


Yes, only root can access the ports less than 1024.
Just now I saw that rcp was a SUID routine, so it must be able to bind that port.
Maybe I made some other mistakes.
Thanks for your help.

I am sorry my post is a little off topic :)

>
>Yes, ports < 1024 are reserved ports for "public" applications and only
>the superuser can bind them. To use them, you need to be a superuser. I
>am not familar with rcp (I would use scp even for local transfers) but
>it should be able to run on another port.
>
>Owen
>
>--
>Owen Stampflee - owen@penguinppc.org
>http://penguinppc.org/~owen

---
Daniel Lao
2002-06-11 11:07:13


** Sent via the linuxppc-dev mail list. See http://lists.linuxppc.org/

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2002-06-11  8:02 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-06-11  2:18 Why I can't bind the 1023 port? Daniel Lao
2002-06-10 19:42 ` Owen Stampflee
2002-06-11  8:02   ` Ethan Benson
2002-06-11  2:38 ` [OT] " Bastien Nocera
  -- strict thread matches above, loose matches on Subject: below --
2002-06-11  3:20 Daniel Lao

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).