Jeremy Herbison wrote:
> As I posted in blfs-support, it appears portmapper, at least when run using
> the blfs bootscript (and not started by inetd/xinetd as the portmapper manpage
> recommends), runs as UID 1 regardless of whether or not that is even a valid
> UID. Either the book needs to add a "bin" user (I assume that's what it wants
> to run as) for portmapper, or (preferably) a patch to portmap is needed.
> 
> Actually I suppose that if running under xinetd fixes the problem, that could
> be the solution, too.

Interesting.  Looking at the source of pmap_check.c:

void    check_startup()
{
    /*
     * Give up root privileges so that we can never allocate a privileged
     * port when forwarding an rpc request.
     */
    if (setuid(1) == -1) {
        syslog(LOG_ERR, "setuid(1) failed: %m");
        exit(1);
    }
    (void) signal(SIGINT, toggle_verboselog);
}

It would appear that there is no choice of uid given to the user.  OTOH,
I don't really see a problem with portmap running as uid 1.  The only
reason I can see we would need an entry in the passwd file is for
programs like ps and top to translate the numeric uid to a name.  The
name used would be arbitrary.  The traditional name for uid 1 is, of
course, bin.

Also, I don't see where portmap is to be run out of a superserver.  The
man page specifically says: "Portmap must be started before any RPC
servers are invoked."  It is designed to be run as a full time daemon.

  --Bruce
-- 
http://linuxfromscratch.org/mailman/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
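
Added example (not part of the original message, and not portmap's own code): the check_startup() excerpt quoted above changes only the uid, and the value is fixed in the source. The C code below resolves an account by name with a numeric fallback for a missing passwd entry, then drops supplementary groups, gid and uid in that order and verifies that root cannot be regained. The name "bin", the 1/1 fallback and the helper names resolve_target and drop_privileges are assumptions made for illustration.

```c
/* Added example, not portmap source. "bin" and the 1/1 fallback are assumptions. */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

struct drop_target {
    uid_t uid;
    gid_t gid;
    int   from_passwd;   /* 1 if the name resolved, 0 if the fallback was used */
};

/* Resolve the account to run as; fall back to numeric ids when the
 * passwd entry is missing (the situation described in the thread). */
struct drop_target resolve_target(const char *name, uid_t fb_uid, gid_t fb_gid)
{
    struct drop_target t = { fb_uid, fb_gid, 0 };
    struct passwd *pw = getpwnam(name);
    if (pw != NULL) {
        t.uid = pw->pw_uid;
        t.gid = pw->pw_gid;
        t.from_passwd = 1;
    }
    return t;
}

/* Drop root for good. Groups and gid go first: once setuid() succeeds the
 * process can no longer change them. Returns 0 on success, -1 on failure. */
int drop_privileges(const struct drop_target *t)
{
    if (t->uid == 0 || t->gid == 0)
        return -1;                      /* refuse a target that is still root */
    if (setgroups(0, NULL) == -1)       /* clear supplementary groups */
        return -1;
    if (setgid(t->gid) == -1 || setuid(t->uid) == -1)
        return -1;
    /* Verify: root must be unrecoverable and the ids must have changed. */
    if (setuid(0) != -1 || geteuid() != t->uid || getegid() != t->gid)
        return -1;
    return 0;
}

int main(void)
{
    struct drop_target t = resolve_target("bin", 1, 1);
    if (drop_privileges(&t) == -1) { fprintf(stderr, "privilege drop failed\n"); return 1; }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Started as root, the program ends up with uid and gid of the resolved account, or 1/1 when no "bin" entry exists; started as any other user it fails at setgroups() and exits non-zero.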
