netbsd-bugs: ypbind security enhancement

Subject: ypbind security enhancement
To: None <netbsd-bugs@sun-lamp.cs.berkeley.edu>
From: Havard Eidnes <Havard.Eidnes@runit.sintef.no>
List: netbsd-bugs
Date: 11/14/1993 23:33:29

------- =_aaaaaaaaaa0
Content-Type: text/plain; charset="us-ascii"

Hi,

with this patch ypset is restricted to users being able to bind a reserved
port, ie. non-root users are excluded.  This is probably wise from a
security standpoint...

- Havard

------- =_aaaaaaaaaa0
Content-Type: multipart/digest; boundary="----- =_aaaaaaaaaa1"


------- =_aaaaaaaaaa1

          id <21385-0@runix.runit.sintef.no>; Sun, 14 Nov 1993 23:30:57 +0100
          id XAA08031; Sun, 14 Nov 1993 23:30:55 +0100
Date: Sun, 14 Nov 1993 23:30:55 +0100
From: Tor Egge <tegge@pvv.unit.no>
Message-Id: <199311142230.XAA08031@flipper.pvv.unit.no>
To: Havard.Eidnes@runit.sintef.no
Subject: ypbind diff


diff -rcN src-0.9/ypbind/ypbind.c src-0.9-m88k/ypbind/ypbind.c
*** src-0.9/ypbind/ypbind.c	Sun Nov 14 23:01:24 1993
--- src-0.9-m88k/ypbind/ypbind.c	Sun Nov 14 23:29:12 1993
***************
*** 197,202 ****
--- 202,209 ----
  		return (void *)NULL;
  	}
  
+ 	if (ntohs(fromsin->sin_port)>=IPPORT_RESERVED)
+ 	  return (void *) &res;
  	if(argp->ypsetdom_vers != YPVERS)
  		return (void *)&res;
  
-----


------- =_aaaaaaaaaa1--

------- =_aaaaaaaaaa0--

------------------------------------------------------------------------------