[OpenIndiana-discuss] Holding port numbers for servers

Jim Klimov jimklimov at cos.ru
Mon Nov 5 17:29:50 UTC 2012


On 2012-11-05 18:08, Udo Grabowski (IMK) wrote:
>>>> I haven't seen this behavior for a while, so wanted to ask: are
>>>> there now any provisions NOT to issue certain ports (i.e. list
>>>> from /etc/services) when an application opens a client socket?
>>>> That is, the listed ports should only be issued if the app binds
>>>> itself to this port number explicitly.
> Uh-oh, please not ! I don't see any necessity for such a service,
> unless anything is really broken. There are no indications for this,
> and all automatically assigned ports are placed well above the ones
> used regularly by default.

As it turns out, I did not RTFM enough, and the proper tunable seems
to exist already (although I did not test it completely yet) and it
holds the two NFS server ports by default.

According to that page and a local OS query, the minimum "ephemeral"
port numbers freely issued are indeed well above the "privileged"
numbers, and (tcp|udp)_smallest_anon_port is by default 32768, so
ports below this "should" be available to networked server apps.

> I really don't know what you want to fix.

I am not sure about the other circumstances of the original problem
I remembered today - i.e. why a random non-malicious program got hold
of the port needed by a server program by just being a net client,
but I know this did happen. Probably no one took care to use these
tunables though, or they did not exist back then...

Thanks to Mike, I believe this case is closed ;)
//Jim
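
An added example, not part of the original message: a POSIX shell check that lists /etc/services entries whose port falls inside the anonymous port range, using the 32768 lower bound quoted above. The sample entries, the `exampled` service and the 65535 upper bound are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list /etc/services entries whose port lies inside the
# anonymous (ephemeral) range, where a client socket could be handed the
# port before the server binds it.

# services_in_anon_range FILE LOW HIGH
# Prints "port/proto name" for each entry with LOW <= port <= HIGH.
services_in_anon_range() {
    awk -v lo="$2" -v hi="$3" '
        { sub(/#.*/, "") }                 # strip comments
        NF < 2 { next }                    # skip blank or malformed lines
        {
            n = split($2, pp, "/")         # field 2 is port/proto
            if (n != 2 || pp[1] !~ /^[0-9]+$/) next
            port = pp[1] + 0
            if (port >= lo && port <= hi) print $2, $1
        }' "$1"
}

# Constructed sample in /etc/services format (not taken from a real host).
sample_services() {
    cat <<'EOF'
# name        port/proto   aliases
ssh           22/tcp
nfsd          2049/udp     nfs
nfsd          2049/tcp     nfs
lockd         4045/tcp
exampled      40000/tcp    # hypothetical service inside the range
exampled      40000/udp
EOF
}

# The default lower bound 32768 is the value quoted in the message; 65535 is
# an assumed upper bound. On a live illumos host the bounds could be read with
# `ndd -get /dev/tcp tcp_smallest_anon_port` and `tcp_largest_anon_port`.
audit_sample() {
    tmp=$(mktemp) || return 1
    sample_services > "$tmp"
    services_in_anon_range "$tmp" "${1:-32768}" "${2:-65535}"
    rm -f "$tmp"
}

audit_sample
```

Any entry it prints is a server port that an ordinary client socket could receive first; such a service needs either a port below the anonymous range or an adjusted range.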


