On Fri, 19 Aug 2011, Adam Borowski <kilob...@angband.pl> wrote:
> Or use a whitelist rather than pretending that /etc/services was complete
> anywhere within the last 20 years.

AFAIK /etc/services has always been a complete list of ports assigned by IANA. If someone makes a port commonly used without getting IANA approval that's their problem/mistake.

> Not to mention bindresvport() removes the freedom of the sysadmin to bind
> services to whatever ports she wishes. Or, say, run multiple instances of
> a service.

If you make your program use bindresvport() then it means that you don't care what the port number is as long as it's in the reserved range. This generally means that it's an RPC service and the Portmapper will tell everyone which port to use or that there is some other channel to tell the clients which port to connect to (maybe a bit like the FTP two-port setup). If you run multiple instances of a service using RPC then I guess you could use different names with the Portmapper.

It seems to me that the only problem is if you run multiple instances of a daemon on different ports and don't use /etc/bindresvport.blacklist, SE Linux, or some other method of telling bindresvport() to leave your port alone. That wouldn't be an issue of sysadmin freedom but sysadmin ignorance (and I am one of the people who was ignorant of bindresvport.blacklist).

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

Archive: http://lists.debian.org/201108200002.12738.russ...@coker.com.au
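
An added example, not part of the original message or of any Debian tool: a small audit that reports which fixed daemon ports fall inside the range bindresvport() allocates from but are missing from a bindresvport.blacklist-style file. The 512-1023 range, the one-port-per-line file format, the sample data and all function names are assumptions made for illustration.

```python
import re

RESERVED = range(512, 1024)  # assumed bindresvport() range; adjust for your libc

def parse_blacklist(text):
    """Assumed format: one port number per line, '#' starts a comment."""
    ports = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry.isdigit():
            ports.add(int(entry))
    return ports

def parse_services(text):
    """Map port -> set of names from /etc/services-style lines."""
    services = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\S+)\s+(\d+)/(tcp|udp)\b", line.split("#", 1)[0])
        if m:
            services.setdefault(int(m.group(2)), set()).add(m.group(1))
    return services

def unprotected(fixed_ports, blacklist, reserved=RESERVED):
    """Fixed daemon ports that bindresvport() could still hand out."""
    return sorted(p for p in fixed_ports if p in reserved and p not in blacklist)

# Constructed sample data, not taken from any real system.
SAMPLE_SERVICES = """\
ipp      631/tcp   # Internet Printing Protocol
rsync    873/tcp
imaps    993/tcp
mysql    3306/tcp
"""
SAMPLE_BLACKLIST = """\
# ports bindresvport() must skip
631   # cups
993
"""
LOCAL_FIXED_PORTS = {874}  # hypothetical second daemon instance on a custom port

def audit():
    services = parse_services(SAMPLE_SERVICES)
    blacklist = parse_blacklist(SAMPLE_BLACKLIST)
    exposed = unprotected(set(services) | LOCAL_FIXED_PORTS, blacklist)
    return {p: sorted(services.get(p, {"(local)"})) for p in exposed}

if __name__ == "__main__":
    for port, names in audit().items():
        print(f"{port} ({', '.join(names)}) is not in the blacklist")
```

To run it against a real host, pass the contents of /etc/services and /etc/bindresvport.blacklist to the two parsers and list locally chosen ports in `LOCAL_FIXED_PORTS`.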