On Fri, Aug 19, 2011 at 10:13:17AM +1000, Russell Coker wrote:
> Systems running SE Linux tend not to have this problem. In most cases the
> daemons which use RPC services are not permitted to bind to any of the ports
> that are reserved for services and therefore such a bind attempt fails with
> EPERM, glibc will just decrement the port number and try again when this
> happens.
>
> http://etbe.coker.com.au/2007/11/06/squid-and-se-linux/
>
> I mentioned this in the above blog post, I think it was in about 2002 that I
> wrote the policy to do this.
We could also patch bindresvport() to skip all ports mentioned in
/etc/services, to get behaviour similar to that with SE Linux. Or patch the
programs using it to first try to bind to a static port that does not
conflict with those in /etc/services, and if that fails fall back to
bindresvport().

-- 
Met vriendelijke groet / with kind regards,
Guus Sliepen <g...@debian.org>
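As an added illustration of the two approaches Guus sketches above (this is example code written for this page, not code from glibc, Debian or anyone on the thread), the C program below implements a bindresvport()-style descending scan that consults getservbyport() to skip every port named in /etc/services, plus a wrapper that tries a static port first and only falls back to the scan when that bind fails. Treating EACCES/EPERM as "move on to the next port" follows Russell's description of what glibc does under an SELinux denial. The 512 floor, the skip rule's callback shape, the constructed port lists and the 40000-40020 loopback range used by the demo are assumptions made for the example: binding below 1024 needs privilege that a stand-alone demo cannot count on, so the runnable part exercises the same logic in an unprivileged range.

```c
#define _DEFAULT_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define RESV_LOW 512 /* assumption: scan floor, as in the classic rresvport() range */

typedef int (*port_skip_fn)(int port, void *ctx);

/* The rule proposed in the mail: reject any port that has an /etc/services entry. */
int skip_if_in_etc_services(int port, void *ctx)
{
    return getservbyport(htons((uint16_t)port), ctx ? (const char *)ctx : "tcp") != NULL;
}

/* Same rule over an in-memory list, so the scan is testable without the host's /etc/services. */
struct port_list { const int *ports; size_t n; };
int skip_if_listed(int port, void *ctx)
{
    const struct port_list *l = ctx;
    for (size_t i = 0; i < l->n; i++)
        if (l->ports[i] == port) return 1;
    return 0;
}

/* Highest port in [low, start] that the skip rule accepts, or -1 if none. */
int next_candidate(int start, int low, port_skip_fn skip, void *ctx)
{
    for (int p = start; p >= low; p--)
        if (!skip(p, ctx)) return p;
    return -1;
}

static void set_addr(struct sockaddr_in *sin, in_addr_t addr, int port)
{
    memset(sin, 0, sizeof *sin);
    sin->sin_family = AF_INET;
    sin->sin_addr.s_addr = addr;
    sin->sin_port = htons((uint16_t)port);
}

/* Descending bind() scan over [low, high]. EADDRINUSE means taken; EACCES/EPERM is what an
 * SELinux denial (or missing CAP_NET_BIND_SERVICE) looks like. Both just try the next port. */
int bind_scanning(int sock, in_addr_t addr, int high, int low, port_skip_fn skip, void *ctx)
{
    struct sockaddr_in sin;
    for (int p = next_candidate(high, low, skip, ctx); p != -1;
         p = next_candidate(p - 1, low, skip, ctx)) {
        set_addr(&sin, addr, p);
        if (bind(sock, (struct sockaddr *)&sin, sizeof sin) == 0) return p;
        if (errno != EADDRINUSE && errno != EACCES && errno != EPERM) return -1;
    }
    errno = EADDRINUSE;
    return -1;
}

/* Second option from the mail: a fixed port outside /etc/services first, scan only on failure. */
int bind_preferred_or_scan(int sock, in_addr_t addr, int preferred, int high, int low,
                           port_skip_fn skip, void *ctx)
{
    struct sockaddr_in sin;
    set_addr(&sin, addr, preferred);
    if (bind(sock, (struct sockaddr *)&sin, sizeof sin) == 0) return preferred;
    return bind_scanning(sock, addr, high, low, skip, ctx);
}

/* Constructed stand-in for "ports named in /etc/services" (not read from any real file). */
static const int demo_services[] = { 513, 514, 515, 631, 873, 992, 993, 995 };
static const struct port_list demo_list = { demo_services, 8 };

/* Demo in an unprivileged loopback range (assumption: 40000-40020 is free): occupy the
 * "static" port 40010, list 40018-40020 as taken-by-name, and the fallback lands on 40017. */
static const int demo_skip[] = { 40020, 40019, 40018 };
static const struct port_list demo_skip_list = { demo_skip, 3 };

/* Returns the port the fallback chose, -1 if none, -2 if this environment allows no sockets. */
int demo_fallback(void)
{
    int occupier = socket(AF_INET, SOCK_STREAM, 0), s = socket(AF_INET, SOCK_STREAM, 0);
    int got = -2; struct sockaddr_in sin;
    set_addr(&sin, htonl(INADDR_LOOPBACK), 40010);
    if (occupier >= 0 && s >= 0 &&
        (bind(occupier, (struct sockaddr *)&sin, sizeof sin) == 0 || errno == EADDRINUSE))
        got = bind_preferred_or_scan(s, htonl(INADDR_LOOPBACK), 40010, 40020, 40000,
                                     skip_if_listed, (void *)&demo_skip_list);
    if (occupier >= 0) close(occupier);
    if (s >= 0) close(s);
    return got;
}

int main(void)
{
    printf("first acceptable reserved port at or below 993: %d\n",
           next_candidate(993, RESV_LOW, skip_if_listed, (void *)&demo_list));
    printf("loopback fallback chose port %d\n", demo_fallback());
    return 0;
}
```

For real use, pass skip_if_in_etc_services (with "tcp" or "udp" as ctx) and a range ending at 1023 to bind_scanning, running as root or with CAP_NET_BIND_SERVICE. Two caveats worth knowing: getservbyport() is not thread-safe and does a lookup per candidate, and on a system with a well-populated /etc/services the skip rule shrinks the already small pool of reserved ports an RPC daemon can land on, so the static-port-first variant is the one that keeps the scan rare.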