@Ben -- the code is clear, the issue is the API is not clear. These issues have occurred because the userspace program is passing in junk in one of the fields of the structure it passes to the kernel, literally random bits from its stack. In attempting to validate those to prevent security issues this userspace application has been caught out. The main issue is the documentation for the call can be read to say you do not need to fill in that field under some circumstances, a failure in the documentation, but given that the validation needs to be more targetted; and this final fix does that, zapping the "not needed to be filled value" to zero when it is not required to avoid validation failures. The new code also documents this ABI weakness so that it should not occur.
Of course none of that excuses the userspace programmer from not initialising this structure sensibly regardless of the documentation. It is plain sloppy practice. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1335478 Title: A new instance of IBM Domino 'bindsock' cannot bind to ports <1024 Kernel 3.13.0-29 and above Status in linux package in Ubuntu: Fix Committed Status in linux-lts-trusty package in Ubuntu: Invalid Status in linux-lts-utopic package in Ubuntu: Invalid Status in linux source package in Lucid: Fix Committed Status in linux-lts-trusty source package in Lucid: Invalid Status in linux-lts-utopic source package in Lucid: Invalid Status in linux source package in Precise: Fix Committed Status in linux-lts-trusty source package in Precise: Fix Committed Status in linux-lts-utopic source package in Precise: Invalid Status in linux source package in Trusty: Fix Committed Status in linux-lts-trusty source package in Trusty: Invalid Status in linux-lts-utopic source package in Trusty: Fix Committed Status in linux source package in Utopic: Fix Committed Status in linux-lts-trusty source package in Utopic: Invalid Status in linux-lts-utopic source package in Utopic: Invalid Status in linux source package in Vivid: Fix Committed Status in linux-lts-trusty source package in Vivid: Invalid Status in linux-lts-utopic source package in Vivid: Invalid Bug description: Starting with kernels 3.2.0-64 and 3.13.0-29 Something has changed to once again that prevents IBM Domino's "/opt/ibm/domino/notes/latest/linux/bindsock" binary that runs as root (setuid) to get ports lower than 1024 for it's LDAP, SMTP, IMAP, POP3, and HTTP processes. The Domino server reports the following: : "Listener failure: 'bindsock' is missing, not executable, not owned by root, not setuid root or user needs net_privaddr privilege." This is the same behaviour that was reported and subsequently corrected in Bug # 1269053 === break-fix: dbb490b96584d4e958533fb637f08b557f505657 6a2a2b3ae0759843b22c929881cc184b00cc63ff To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1335478/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
