bostic@OKEEFFE.BERKELEY.EDU.UUCP (09/18/87)
Subject: refuse to accept connections from ports below 512
Index: etc/{rshd.c,rlogind.c} 4.3BSD
Description:
It is strongly suggested that the following fixes be applied
to etc/rshd.c and etc/rlogind.c. They take care of a security
problem in 4.3BSD.
Repeat-By:
Use your imagination.
Fix:
Apply the following patches.
*** rlogind.c.old Thu Sep 17 19:19:26 1987
--- rlogind.c.new Thu Sep 17 19:21:15 1987
***************
*** 104,110 ****
hp->h_name = inet_ntoa(fromp->sin_addr);
}
if (fromp->sin_family != AF_INET ||
! fromp->sin_port >= IPPORT_RESERVED)
fatal(f, "Permission denied");
write(f, "", 1);
for (c = 'p'; c <= 's'; c++) {
--- 104,111 ----
hp->h_name = inet_ntoa(fromp->sin_addr);
}
if (fromp->sin_family != AF_INET ||
! fromp->sin_port >= IPPORT_RESERVED ||
! fromp->sin_port < IPPORT_RESERVED/2)
fatal(f, "Permission denied");
write(f, "", 1);
for (c = 'p'; c <= 's'; c++) {
*** rshd.c.old Thu Sep 17 19:29:59 1987
--- rshd.c.new Thu Sep 17 19:30:11 1987
***************
*** 103,119 ****
}
#endif
fromp->sin_port = ntohs((u_short)fromp->sin_port);
! if (fromp->sin_family != AF_INET ||
! fromp->sin_port >= IPPORT_RESERVED) {
syslog(LOG_ERR, "malformed from address\n");
exit(1);
}
(void) alarm(60);
port = 0;
for (;;) {
char c;
! if (read(f, &c, 1) != 1) {
! syslog(LOG_ERR, "read: %m");
shutdown(f, 1+1);
exit(1);
}
--- 103,124 ----
}
#endif
fromp->sin_port = ntohs((u_short)fromp->sin_port);
! if (fromp->sin_family != AF_INET) {
syslog(LOG_ERR, "malformed from address\n");
exit(1);
}
+ if (fromp->sin_port >= IPPORT_RESERVED ||
+ fromp->sin_port < IPPORT_RESERVED/2) {
+ syslog(LOG_NOTICE, "connection from bad port\n");
+ exit(1);
+ }
(void) alarm(60);
port = 0;
for (;;) {
char c;
! if ((cc = read(f, &c, 1)) != 1) {
! if (cc < 0)
! syslog(LOG_NOTICE, "read: %m");
shutdown(f, 1+1);
exit(1);
}