[PATCH] portmap: new applet

Denys Vlasenko vda.linux at googlemail.com
Tue May 3 15:53:25 UTC 2011


On Mon, May 2, 2011 at 5:00 PM, Lukas Huba <huba.lukas at centrum.cz> wrote:
>> 1st, checking for ports < 1024 on remote calls is nearly pointless:
>> it is a vestige of the era when the case of *unprivileged* user
>> attacking over network was a usual case. These days, remote attackers
>> usually will have no trouble using a machine where they have root
>> (such as using their own laptop...).
> It's for local applications. Only a user with root privileges can have a port < 1024.
>
>> Since we use such a small subset here, maybe we just open-code it?
> What exactly do you mean?

I mean: this program uses only five svc_FOO functions:

svc_getcaller
svc_getargs
svc_sendreply
svc_register
svc_run

If we simply reimplement them - sanely, so that they support
arbitrary sockaddrs (meaning: IPv6 and more) -
we do not need to use ones from libc.

Another advantage is that then we can link against
small libcs which may lack these functions - these functions
are not POSIX/SUS, right?

Their source can be found in glibc or uclibc. For uclibc,
see libc/inet/rpc/*.c files in uclibc tree.

-- 
vda
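
The exchange above turns on two things: the source-port < 1024 check, which carries weight only for local callers, and a caller lookup that copes with arbitrary sockaddrs. As an added example (not part of the original mail, and not BusyBox, glibc or uClibc code), here is that check written against a generic `struct sockaddr`; the names `caller_is_local_privileged` and `check_peer` and the loopback-only policy are assumptions.

```c
/* Added example (not BusyBox or portmap code): family-agnostic caller check. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <sys/socket.h>

#define RESERVED_PORT_LIMIT 1024 /* ports below this need root to bind */

/* Hypothetical helper: 1 if the peer is a loopback address AND its source
 * port is reserved, else 0. Unknown address families fail closed. */
int caller_is_local_privileged(const struct sockaddr *sa)
{
    uint16_t port;
    if (sa->sa_family == AF_INET) {
        const struct sockaddr_in *in4 = (const struct sockaddr_in *)sa;
        if ((ntohl(in4->sin_addr.s_addr) >> 24) != 127) /* 127.0.0.0/8 */
            return 0;
        port = ntohs(in4->sin_port);
    } else if (sa->sa_family == AF_INET6) {
        const struct sockaddr_in6 *in6 = (const struct sockaddr_in6 *)sa;
        if (IN6_IS_ADDR_V4MAPPED(&in6->sin6_addr)) {
            if (in6->sin6_addr.s6_addr[12] != 127) /* ::ffff:127.x.x.x */
                return 0;
        } else if (!IN6_IS_ADDR_LOOPBACK(&in6->sin6_addr)) { /* ::1 */
            return 0;
        }
        port = ntohs(in6->sin6_port);
    } else {
        return 0; /* neither IPv4 nor IPv6: refuse rather than guess */
    }
    /* Port 0 is never a real source port, so it is rejected too. */
    return port != 0 && port < RESERVED_PORT_LIMIT;
}

/* Builds a constructed peer address from text and runs the check on it.
 * Returns -1 if the text is neither an IPv4 nor an IPv6 address. */
int check_peer(const char *ip, uint16_t port)
{
    struct sockaddr_in a4 = { .sin_family = AF_INET, .sin_port = htons(port) };
    struct sockaddr_in6 a6 = { .sin6_family = AF_INET6, .sin6_port = htons(port) };
    if (inet_pton(AF_INET, ip, &a4.sin_addr) == 1)
        return caller_is_local_privileged((const struct sockaddr *)&a4);
    if (inet_pton(AF_INET6, ip, &a6.sin6_addr) == 1)
        return caller_is_local_privileged((const struct sockaddr *)&a6);
    return -1;
}
```

The IPv4-mapped branch matters on dual-stack listeners, where a local IPv4 client shows up as `::ffff:127.0.0.1` and would otherwise be treated as remote.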

