public inbox for linux-kernel@vger.kernel.org
From: Willy Tarreau <willy@w.ods.org>
To: Arun Sharma <arun.sharma@intel.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Reserving "special" port numbers in the kernel ?
Date: Sat, 16 Nov 2002 08:30:23 +0100
Message-ID: <20021116073023.GD553@alpha.home.local>
In-Reply-To: <uel9mbcyi.fsf@unix-os.sc.intel.com>

On Fri, Nov 15, 2002 at 04:00:37PM -0800, Arun Sharma wrote:
> 
> One of the Intel server platforms has a magic port number (623) that
> it uses for remote server management. However, neither the kernel nor
> glibc are aware of this special port.
> 
> As a result, when someone requests a privileged port using
> bindresvport(3), they may get this port back and bad things happen.
 
The problem is that you want bindresvport() to fail and your bind() to
succeed, but bindresvport() calls bind(), so there's no way to distinguish
them.

But if you're willing to modify your app and the kernel a bit, at least there
would be a method. You could find a way to mark some ports "RESERVED", so that
bind() fails on them unless the socket has been set to SO_REUSEPORT. It's
unlikely that a caller of bindresvport() would set this flag on its socket.
But when you know you want this port for your app, you could explicitly set it.

This concept could be extended to reserve unprivileged ports. E.g., we could
mark 1521, 3128, ... reserved, so that only proper apps could bind on them,
and more importantly, connect() wouldn't use them.

Cheers,
Willy
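
The reservation scheme proposed in the message above, modelled in userspace as an added example (not code from the thread, glibc or the kernel). All names are hypothetical, and both the EADDRINUSE return value and the 512..1023 probe range are assumptions of this sketch.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical userspace model; none of these names exist in the kernel. */
static uint64_t reserved_map[65536 / 64];  /* one bit per reserved port */
struct model_sock { bool reuseport; };     /* stands in for SO_REUSEPORT */

static void reserve_port(int port)
{
    reserved_map[port / 64] |= (uint64_t)1 << (port % 64);
}

/* Model of bind(): 0 on success, -1 with errno set when refused.
 * EADDRINUSE is an assumption: it makes range-probing callers treat a
 * reserved port like a busy one and move on to the next candidate. */
static int model_bind(const struct model_sock *sk, int port)
{
    if (((reserved_map[port / 64] >> (port % 64)) & 1) && !sk->reuseport) {
        errno = EADDRINUSE;
        return -1;
    }
    return 0;
}

/* bindresvport()-style probe over 512..1023 (assumed range), starting at
 * `start` and retrying only on EADDRINUSE. Returns the port or -1. */
static int model_bindresvport(const struct model_sock *sk, int start)
{
    enum { LO = 512, HI = 1023 };
    int port = start;
    for (int i = 0; i <= HI - LO; i++) {
        if (model_bind(sk, port) == 0)
            return port;
        if (errno != EADDRINUSE)
            return -1;
        port = (port == HI) ? LO : port + 1;
    }
    return -1;
}

int main(void)
{
    struct model_sock anon = { false }, mgmt = { true };
    reserve_port(623);
    printf("anonymous probe from 623 -> %d\n", model_bindresvport(&anon, 623));
    printf("opted-in bind(623) -> %d\n", model_bind(&mgmt, 623));
}
```

If the refusal used a different errno, the probing loop in this model would stop at the reserved port instead of skipping it.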
