[Touch-packages] [Bug 304393] Re: rpcbind grabs ports used by other daemons such as cupsd

2021-09-20 Thread Bug Watch Updater
** Changed in: fedora
   Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/304393

Title:
  rpcbind grabs ports used by other daemons such as cupsd

Status in cups package in Ubuntu:
  Invalid
Status in rpcbind package in Ubuntu:
  Fix Released
Status in rpcbind source package in Xenial:
  Fix Released
Status in rpcbind source package in Bionic:
  Fix Released
Status in rpcbind package in Debian:
  Fix Released
Status in Fedora:
  Won't Fix

Bug description:
  [impact]

  rpcbind binds to a 'random' reserved port at startup, which can
  conflict with the reserved port number for other applications that
  actually 'own' the reserved port number. One example is cups, which
  uses the reserved port 631.

  This prevents the actual 'owner' of the reserved port from starting,
  since it can't bind to its reserved port.

  Additionally, this can raise alarms from security monitoring software
  that does not expect programs to be listening on random reserved
  ports.

  [test case]

  start rpcbind and check which ports it is listening on, e.g.:

  $ sudo netstat --inet -p -l | grep rpcbind | grep -v sunrpc
  udp0  0 0.0.0.0:614 0.0.0.0:* 
  4678/rpcbind

  each time rpcbind is restarted, it will be listening to a different
  'random' port.

  [regression potential]

  this adds a way to disable rpcbind from listening to the 'random'
  port. any regression would likely prevent rpcbind from starting, or
  may cause problems with the interaction between rpcinfo and rpcbind,
  as rpcinfo may use the random reserved port in some cases, as detailed
  in the Debian bug.

  [scope]

  This is needed only for Bionic and earlier.

  In Focal and later, and in Debian, rpcbind defaults to not opening the
  random reserved port.  The admin can use the -r parameter to cause
  rpcbind to restore the old behavior of opening the random reserved
  port.

  [other info]

  Note that the -r parameter is a Debian addition, and the upstream
  rpcbind has disabled the random port functionality at build time;
  there is no runtime parameter to allow the admin to choose the
  behavior.

  Also, as discussed in the Debian bug, disabling this rpcbind 'feature'
  is known to cause problems for the rpcinfo program, which is why
  Debian introduced the -r parameter. So, when this -r parameter is
  backported to Bionic and earlier, we must retain the default behavior
  for those releases, which is for rpcbind to open the random reserved
  port.

  Thus, the patch for this will first backport the upstream patch that adds 
functionality to be able to disable the 'remote calls' function, and also 
backports the debian patch to change that from a compile-time to run-time 
option. Then, another patch is added, which changes the default back to the 
behavior of x/b, which is for remote calls to be enabled by default,
  and also adds a check for the existence of an environment variable 
"RPCBIND_RMTCALL_DEFAULT_DISABLED" which, if defined (to anything), will change 
the default to disabled.

  This allows 1) retaining the existing default behavior of rpcbind in x
  and b, while also 2) providing a mechanism to change that default for
  anyone who does *not* want remote calls to be enabled, and 3) allowing
  the mechanism to change the default to remain in place after an
  upgrade to Focal. Using the environment variable allows anyone to
  disable the remote calls in x and/or b, and then upgrade to Focal
  without breaking rpcbind or needing to remove the env var. After the
  upgrade to Focal, the environment variable (defined in
  /etc/default/rpcbind and/or /etc/rpcbind.conf) will simply be ignored
  without any change needed to the rpcbind package in Focal or later.

  [original description]

  Binary package hint: cups

  cups 1.3.9-2ubuntu4
  From /var/log/cups/error_log:
  cups: unable to bind socket for address 127.0.0.1:631 - Address already in 
use.

  Nothing actually looks wrong. 127.0.0.1:631 is only in use by cupsd
  when started.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/304393/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 304393] Re: rpcbind grabs ports used by other daemons such as cupsd

2020-09-03 Thread Launchpad Bug Tracker
This bug was fixed in the package rpcbind - 0.2.3-0.2ubuntu0.16.04.1

---
rpcbind (0.2.3-0.2ubuntu0.16.04.1) xenial; urgency=medium

  * d/rules, d/control:
- Add dh-autoreconf build-dep and force dh_autoreconf
  to fix FTBFS (LP: #1885389)
  * d/p/lp304393/0001-rpcbind-Disable-remote-calls-by-default.patch,
d/p/lp304393/0002-rmt-calls.patch,
d/p/lp304393/0003-change-rmtcalls-default-to-enabled.patch:
- Allow disabling rmtcalls port binding (LP: #304393)

 -- Dan Streetman   Mon, 10 Aug 2020 11:05:43
-0400

** Changed in: rpcbind (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/304393

Title:
  rpcbind grabs ports used by other daemons such as cupsd

Status in cups package in Ubuntu:
  Invalid
Status in rpcbind package in Ubuntu:
  Fix Released
Status in rpcbind source package in Xenial:
  Fix Released
Status in rpcbind source package in Bionic:
  Fix Released
Status in rpcbind package in Debian:
  Fix Released
Status in Fedora:
  Confirmed

Bug description:
  [impact]

  rpcbind binds to a 'random' reserved port at startup, which can
  conflict with the reserved port number for other applications that
  actually 'own' the reserved port number. One example is cups, which
  uses the reserved port 631.

  This prevents the actual 'owner' of the reserved port from starting,
  since it can't bind to its reserved port.

  Additionally, this can raise alarms from security monitoring software
  that does not expect programs to be listening on random reserved
  ports.

  [test case]

  start rpcbind and check which ports it is listening on, e.g.:

  $ sudo netstat --inet -p -l | grep rpcbind | grep -v sunrpc
  udp0  0 0.0.0.0:614 0.0.0.0:* 
  4678/rpcbind

  each time rpcbind is restarted, it will be listening to a different
  'random' port.

  [regression potential]

  this adds a way to disable rpcbind from listening to the 'random'
  port. any regression would likely prevent rpcbind from starting, or
  may cause problems with the interaction between rpcinfo and rpcbind,
  as rpcinfo may use the random reserved port in some cases, as detailed
  in the Debian bug.

  [scope]

  This is needed only for Bionic and earlier.

  In Focal and later, and in Debian, rpcbind defaults to not opening the
  random reserved port.  The admin can use the -r parameter to cause
  rpcbind to restore the old behavior of opening the random reserved
  port.

  [other info]

  Note that the -r parameter is a Debian addition, and the upstream
  rpcbind has disabled the random port functionality at build time;
  there is no runtime parameter to allow the admin to choose the
  behavior.

  Also, as discussed in the Debian bug, disabling this rpcbind 'feature'
  is known to cause problems for the rpcinfo program, which is why
  Debian introduced the -r parameter. So, when this -r parameter is
  backported to Bionic and earlier, we must retain the default behavior
  for those releases, which is for rpcbind to open the random reserved
  port.

  Thus, the patch for this will first backport the upstream patch that adds 
functionality to be able to disable the 'remote calls' function, and also 
backports the debian patch to change that from a compile-time to run-time 
option. Then, another patch is added, which changes the default back to the 
behavior of x/b, which is for remote calls to be enabled by default,
  and also adds a check for the existence of an environment variable 
"RPCBIND_RMTCALL_DEFAULT_DISABLED" which, if defined (to anything), will change 
the default to disabled.

  This allows 1) retaining the existing default behavior of rpcbind in x
  and b, while also 2) providing a mechanism to change that default for
  anyone who does *not* want remote calls to be enabled, and 3) allowing
  the mechanism to change the default to remain in place after an
  upgrade to Focal. Using the environment variable allows anyone to
  disable the remote calls in x and/or b, and then upgrade to Focal
  without breaking rpcbind or needing to remove the env var. After the
  upgrade to Focal, the environment variable (defined in
  /etc/default/rpcbind and/or /etc/rpcbind.conf) will simply be ignored
  without any change needed to the rpcbind package in Focal or later.

  [original description]

  Binary package hint: cups

  cups 1.3.9-2ubuntu4
  From /var/log/cups/error_log:
  cups: unable to bind socket for address 127.0.0.1:631 - Address already in 
use.

  Nothing actually looks wrong. 127.0.0.1:631 is only in use by cupsd
  when started.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/304393/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launch

[Touch-packages] [Bug 304393] Re: rpcbind grabs ports used by other daemons such as cupsd

2020-08-31 Thread Dan Streetman
note there is only one xenial reverse-dep autopkgtest failure, for nfs-
utils on s390x, and that test has always failed and can be ignored.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/304393

Title:
  rpcbind grabs ports used by other daemons such as cupsd

Status in cups package in Ubuntu:
  Invalid
Status in rpcbind package in Ubuntu:
  Fix Released
Status in rpcbind source package in Xenial:
  Fix Committed
Status in rpcbind source package in Bionic:
  Fix Released
Status in rpcbind package in Debian:
  Fix Released
Status in Fedora:
  Confirmed

Bug description:
  [impact]

  rpcbind binds to a 'random' reserved port at startup, which can
  conflict with the reserved port number for other applications that
  actually 'own' the reserved port number. One example is cups, which
  uses the reserved port 631.

  This prevents the actual 'owner' of the reserved port from starting,
  since it can't bind to its reserved port.

  Additionally, this can raise alarms from security monitoring software
  that does not expect programs to be listening on random reserved
  ports.

  [test case]

  start rpcbind and check which ports it is listening on, e.g.:

  $ sudo netstat --inet -p -l | grep rpcbind | grep -v sunrpc
  udp0  0 0.0.0.0:614 0.0.0.0:* 
  4678/rpcbind

  each time rpcbind is restarted, it will be listening to a different
  'random' port.

  [regression potential]

  this adds a way to disable rpcbind from listening to the 'random'
  port. any regression would likely prevent rpcbind from starting, or
  may cause problems with the interaction between rpcinfo and rpcbind,
  as rpcinfo may use the random reserved port in some cases, as detailed
  in the Debian bug.

  [scope]

  This is needed only for Bionic and earlier.

  In Focal and later, and in Debian, rpcbind defaults to not opening the
  random reserved port.  The admin can use the -r parameter to cause
  rpcbind to restore the old behavior of opening the random reserved
  port.

  [other info]

  Note that the -r parameter is a Debian addition, and the upstream
  rpcbind has disabled the random port functionality at build time;
  there is no runtime parameter to allow the admin to choose the
  behavior.

  Also, as discussed in the Debian bug, disabling this rpcbind 'feature'
  is known to cause problems for the rpcinfo program, which is why
  Debian introduced the -r parameter. So, when this -r parameter is
  backported to Bionic and earlier, we must retain the default behavior
  for those releases, which is for rpcbind to open the random reserved
  port.

  Thus, the patch for this will first backport the upstream patch that adds 
functionality to be able to disable the 'remote calls' function, and also 
backports the debian patch to change that from a compile-time to run-time 
option. Then, another patch is added, which changes the default back to the 
behavior of x/b, which is for remote calls to be enabled by default,
  and also adds a check for the existence of an environment variable 
"RPCBIND_RMTCALL_DEFAULT_DISABLED" which, if defined (to anything), will change 
the default to disabled.

  This allows 1) retaining the existing default behavior of rpcbind in x
  and b, while also 2) providing a mechanism to change that default for
  anyone who does *not* want remote calls to be enabled, and 3) allowing
  the mechanism to change the default to remain in place after an
  upgrade to Focal. Using the environment variable allows anyone to
  disable the remote calls in x and/or b, and then upgrade to Focal
  without breaking rpcbind or needing to remove the env var. After the
  upgrade to Focal, the environment variable (defined in
  /etc/default/rpcbind and/or /etc/rpcbind.conf) will simply be ignored
  without any change needed to the rpcbind package in Focal or later.

  [original description]

  Binary package hint: cups

  cups 1.3.9-2ubuntu4
  From /var/log/cups/error_log:
  cups: unable to bind socket for address 127.0.0.1:631 - Address already in 
use.

  Nothing actually looks wrong. 127.0.0.1:631 is only in use by cupsd
  when started.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/304393/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 304393] Re: rpcbind grabs ports used by other daemons such as cupsd

2020-08-31 Thread Dan Streetman
ubuntu@lp304393-x:~$ dpkg -l|grep rpcbind
ii  rpcbind  0.2.3-0.2ubuntu0.1 
amd64converts RPC program numbers into universal addresses
ubuntu@lp304393-x:~$ sudo netstat --inet -p -l | grep rpcbind | grep -v sunrpc
udp0  0 *:927   *:* 
13471/rpcbind   


same default behavior after upgrade:

ubuntu@lp304393-x:~$ dpkg -l|grep rpcbind
ii  rpcbind  0.2.3-0.2ubuntu0.16.04.1   
amd64converts RPC program numbers into universal addresses
ubuntu@lp304393-x:~$ sudo systemctl restart rpcbind
ubuntu@lp304393-x:~$ sudo netstat --inet -p -l | grep rpcbind | grep -v sunrpc
udp0  0 *:625   *:* 
14441/rpcbind   


with parameter added, random port disabled:

ubuntu@lp304393-x:~$ cat /etc/default/rpcbind 
RPCBIND_RMTCALL_DEFAULT_DISABLED=1

ubuntu@lp304393-x:~$ sudo systemctl restart rpcbind
ubuntu@lp304393-x:~$ sudo netstat --inet -p -l | grep rpcbind | grep -v sunrpc
ubuntu@lp304393-x:~$ 


with parameter commented, default behavior restored:

ubuntu@lp304393-x:~$ cat /etc/default/rpcbind 
#RPCBIND_RMTCALL_DEFAULT_DISABLED=1

ubuntu@lp304393-x:~$ sudo systemctl restart rpcbind
ubuntu@lp304393-x:~$ sudo netstat --inet -p -l | grep rpcbind | grep -v sunrpc
udp0  0 *:660   *:* 
14476/rpcbind   


** Tags removed: verification-needed verification-needed-xenial
** Tags added: verification-done verification-done-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/304393

Title:
  rpcbind grabs ports used by other daemons such as cupsd

Status in cups package in Ubuntu:
  Invalid
Status in rpcbind package in Ubuntu:
  Fix Released
Status in rpcbind source package in Xenial:
  Fix Committed
Status in rpcbind source package in Bionic:
  Fix Released
Status in rpcbind package in Debian:
  Fix Released
Status in Fedora:
  Confirmed

Bug description:
  [impact]

  rpcbind binds to a 'random' reserved port at startup, which can
  conflict with the reserved port number for other applications that
  actually 'own' the reserved port number. One example is cups, which
  uses the reserved port 631.

  This prevents the actual 'owner' of the reserved port from starting,
  since it can't bind to its reserved port.

  Additionally, this can raise alarms from security monitoring software
  that does not expect programs to be listening on random reserved
  ports.

  [test case]

  start rpcbind and check which ports it is listening on, e.g.:

  $ sudo netstat --inet -p -l | grep rpcbind | grep -v sunrpc
  udp0  0 0.0.0.0:614 0.0.0.0:* 
  4678/rpcbind

  each time rpcbind is restarted, it will be listening to a different
  'random' port.

  [regression potential]

  this adds a way to disable rpcbind from listening to the 'random'
  port. any regression would likely prevent rpcbind from starting, or
  may cause problems with the interaction between rpcinfo and rpcbind,
  as rpcinfo may use the random reserved port in some cases, as detailed
  in the Debian bug.

  [scope]

  This is needed only for Bionic and earlier.

  In Focal and later, and in Debian, rpcbind defaults to not opening the
  random reserved port.  The admin can use the -r parameter to cause
  rpcbind to restore the old behavior of opening the random reserved
  port.

  [other info]

  Note that the -r parameter is a Debian addition, and the upstream
  rpcbind has disabled the random port functionality at build time;
  there is no runtime parameter to allow the admin to choose the
  behavior.

  Also, as discussed in the Debian bug, disabling this rpcbind 'feature'
  is known to cause problems for the rpcinfo program, which is why
  Debian introduced the -r parameter. So, when this -r parameter is
  backported to Bionic and earlier, we must retain the default behavior
  for those releases, which is for rpcbind to open the random reserved
  port.

  Thus, the patch for this will first backport the upstream patch that adds 
functionality to be able to disable the 'remote calls' function, and also 
backports the debian patch to change that from a compile-time to run-time 
option. Then, another patch is added, which changes the default back to the 
behavior of x/b, which is for remote calls to be enabled by default,
  and also adds a check for the existence of an environment variable 
"RPCBIND_RMTCALL_DEFAULT_DISABLED" which, if defined (to anything), will change 
the default to disabled.

  This allows 1) retaining the existing default behavior of rpcbind in x
  and b, while also 2) providing a mechanism to change that default for
  anyone who does *not* want remote calls to be enabled, and 3) allowing
  the mechanism to change the def

[Touch-packages] [Bug 304393] Re: rpcbind grabs ports used by other daemons such as cupsd

2020-08-27 Thread Ɓukasz Zemczak
Hello Alvin, or anyone else affected,

Accepted rpcbind into xenial-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/rpcbind/0.2.3-0.2ubuntu0.16.04.1 in
a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
xenial to verification-done-xenial. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-xenial. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: rpcbind (Ubuntu Xenial)
   Status: In Progress => Fix Committed

** Tags removed: verification-done
** Tags added: verification-needed verification-needed-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/304393

Title:
  rpcbind grabs ports used by other daemons such as cupsd

Status in cups package in Ubuntu:
  Invalid
Status in rpcbind package in Ubuntu:
  Fix Released
Status in rpcbind source package in Xenial:
  Fix Committed
Status in rpcbind source package in Bionic:
  Fix Released
Status in rpcbind package in Debian:
  Fix Released
Status in Fedora:
  Confirmed

Bug description:
  [impact]

  rpcbind binds to a 'random' reserved port at startup, which can
  conflict with the reserved port number for other applications that
  actually 'own' the reserved port number. One example is cups, which
  uses the reserved port 631.

  This prevents the actual 'owner' of the reserved port from starting,
  since it can't bind to its reserved port.

  Additionally, this can raise alarms from security monitoring software
  that does not expect programs to be listening on random reserved
  ports.

  [test case]

  start rpcbind and check which ports it is listening on, e.g.:

  $ sudo netstat --inet -p -l | grep rpcbind | grep -v sunrpc
  udp0  0 0.0.0.0:614 0.0.0.0:* 
  4678/rpcbind

  each time rpcbind is restarted, it will be listening to a different
  'random' port.

  [regression potential]

  this adds a way to disable rpcbind from listening to the 'random'
  port. any regression would likely prevent rpcbind from starting, or
  may cause problems with the interaction between rpcinfo and rpcbind,
  as rpcinfo may use the random reserved port in some cases, as detailed
  in the Debian bug.

  [scope]

  This is needed only for Bionic and earlier.

  In Focal and later, and in Debian, rpcbind defaults to not opening the
  random reserved port.  The admin can use the -r parameter to cause
  rpcbind to restore the old behavior of opening the random reserved
  port.

  [other info]

  Note that the -r parameter is a Debian addition, and the upstream
  rpcbind has disabled the random port functionality at build time;
  there is no runtime parameter to allow the admin to choose the
  behavior.

  Also, as discussed in the Debian bug, disabling this rpcbind 'feature'
  is known to cause problems for the rpcinfo program, which is why
  Debian introduced the -r parameter. So, when this -r parameter is
  backported to Bionic and earlier, we must retain the default behavior
  for those releases, which is for rpcbind to open the random reserved
  port.

  Thus, the patch for this will first backport the upstream patch that adds 
functionality to be able to disable the 'remote calls' function, and also 
backports the debian patch to change that from a compile-time to run-time 
option. Then, another patch is added, which changes the default back to the 
behavior of x/b, which is for remote calls to be enabled by default,
  and also adds a check for the existence of an environment variable 
"RPCBIND_RMTCALL_DEFAULT_DISABLED" which, if defined (to anything), will change 
the default to disabled.

  This allows 1) retaining the existing default behavior of rpcbind in x
  and b, while also 2) providing a mechanism to change that default for
  anyone who does *not* want remote calls to be enabled, and 3) allowing
  the mechanism to change the default to remain in place after an
  upgrade to Focal. Using the environment variable allows anyone to
  disable the remote calls in x and/or b, and the

[Touch-packages] [Bug 304393] Re: rpcbind grabs ports used by other daemons such as cupsd

2020-08-20 Thread Launchpad Bug Tracker
This bug was fixed in the package rpcbind - 0.2.3-0.6ubuntu0.18.04.1

---
rpcbind (0.2.3-0.6ubuntu0.18.04.1) bionic; urgency=medium

  * d/rules: force dh_autoreconf to fix FTBFS (LP: #1885389)
  * d/p/lp304393/0001-rpcbind-Disable-remote-calls-by-default.patch,
d/p/lp304393/0002-rmt-calls.patch,
d/p/lp304393/0003-change-rmtcalls-default-to-enabled.patch:
- Allow disabling rmtcalls port binding (LP: #304393)

 -- Dan Streetman   Tue, 04 Aug 2020 17:17:50
-0400

** Changed in: rpcbind (Ubuntu Bionic)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/304393

Title:
  rpcbind grabs ports used by other daemons such as cupsd

Status in cups package in Ubuntu:
  Invalid
Status in rpcbind package in Ubuntu:
  Fix Released
Status in rpcbind source package in Xenial:
  In Progress
Status in rpcbind source package in Bionic:
  Fix Released
Status in rpcbind package in Debian:
  Fix Released
Status in Fedora:
  Confirmed

Bug description:
  [impact]

  rpcbind binds to a 'random' reserved port at startup, which can
  conflict with the reserved port number for other applications that
  actually 'own' the reserved port number. One example is cups, which
  uses the reserved port 631.

  This prevents the actual 'owner' of the reserved port from starting,
  since it can't bind to its reserved port.

  Additionally, this can raise alarms from security monitoring software
  that does not expect programs to be listening on random reserved
  ports.

  [test case]

  start rpcbind and check which ports it is listening on, e.g.:

  $ sudo netstat --inet -p -l | grep rpcbind | grep -v sunrpc
  udp0  0 0.0.0.0:614 0.0.0.0:* 
  4678/rpcbind

  each time rpcbind is restarted, it will be listening to a different
  'random' port.

  [regression potential]

  this adds a way to disable rpcbind from listening to the 'random'
  port. any regression would likely prevent rpcbind from starting, or
  may cause problems with the interaction between rpcinfo and rpcbind,
  as rpcinfo may use the random reserved port in some cases, as detailed
  in the Debian bug.

  [scope]

  This is needed only for Bionic and earlier.

  In Focal and later, and in Debian, rpcbind defaults to not opening the
  random reserved port.  The admin can use the -r parameter to cause
  rpcbind to restore the old behavior of opening the random reserved
  port.

  [other info]

  Note that the -r parameter is a Debian addition, and the upstream
  rpcbind has disabled the random port functionality at build time;
  there is no runtime parameter to allow the admin to choose the
  behavior.

  Also, as discussed in the Debian bug, disabling this rpcbind 'feature'
  is known to cause problems for the rpcinfo program, which is why
  Debian introduced the -r parameter. So, when this -r parameter is
  backported to Bionic and earlier, we must retain the default behavior
  for those releases, which is for rpcbind to open the random reserved
  port.

  Thus, the patch for this will first backport the upstream patch that adds 
functionality to be able to disable the 'remote calls' function, and also 
backports the debian patch to change that from a compile-time to run-time 
option. Then, another patch is added, which changes the default back to the 
behavior of x/b, which is for remote calls to be enabled by default,
  and also adds a check for the existence of an environment variable 
"RPCBIND_RMTCALL_DEFAULT_DISABLED" which, if defined (to anything), will change 
the default to disabled.

  This allows 1) retaining the existing default behavior of rpcbind in x
  and b, while also 2) providing a mechanism to change that default for
  anyone who does *not* want remote calls to be enabled, and 3) allowing
  the mechanism to change the default to remain in place after an
  upgrade to Focal. Using the environment variable allows anyone to
  disable the remote calls in x and/or b, and then upgrade to Focal
  without breaking rpcbind or needing to remove the env var. After the
  upgrade to Focal, the environment variable (defined in
  /etc/default/rpcbind and/or /etc/rpcbind.conf) will simply be ignored
  without any change needed to the rpcbind package in Focal or later.

  [original description]

  Binary package hint: cups

  cups 1.3.9-2ubuntu4
  From /var/log/cups/error_log:
  cups: unable to bind socket for address 127.0.0.1:631 - Address already in 
use.

  Nothing actually looks wrong. 127.0.0.1:631 is only in use by cupsd
  when started.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/304393/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launc

[Touch-packages] [Bug 304393] Re: rpcbind grabs ports used by other daemons such as cupsd

2020-08-12 Thread Robie Basak
The Ubuntu Xenial SRU looks fine in principle but is currently blocked
until the previous SRU is released. I've not reviewed this in detail
yet.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/304393

Title:
  rpcbind grabs ports used by other daemons such as cupsd

Status in cups package in Ubuntu:
  Invalid
Status in rpcbind package in Ubuntu:
  Fix Released
Status in rpcbind source package in Xenial:
  In Progress
Status in rpcbind source package in Bionic:
  Fix Committed
Status in rpcbind package in Debian:
  Fix Released
Status in Fedora:
  Confirmed

Bug description:
  [impact]

  rpcbind binds to a 'random' reserved port at startup, which can
  conflict with the reserved port number for other applications that
  actually 'own' the reserved port number. One example is cups, which
  uses the reserved port 631.

  This prevents the actual 'owner' of the reserved port from starting,
  since it can't bind to its reserved port.

  Additionally, this can raise alarms from security monitoring software
  that does not expect programs to be listening on random reserved
  ports.

  [test case]

  start rpcbind and check which ports it is listening on, e.g.:

  $ sudo netstat --inet -p -l | grep rpcbind | grep -v sunrpc
  udp0  0 0.0.0.0:614 0.0.0.0:* 
  4678/rpcbind

  each time rpcbind is restarted, it will be listening to a different
  'random' port.

  [regression potential]

  this adds a way to disable rpcbind from listening to the 'random'
  port. any regression would likely prevent rpcbind from starting, or
  may cause problems with the interaction between rpcinfo and rpcbind,
  as rpcinfo may use the random reserved port in some cases, as detailed
  in the Debian bug.

  [scope]

  This is needed only for Bionic and earlier.

  In Focal and later, and in Debian, rpcbind defaults to not opening the
  random reserved port.  The admin can use the -r parameter to cause
  rpcbind to restore the old behavior of opening the random reserved
  port.

  [other info]

  Note that the -r parameter is a Debian addition, and the upstream
  rpcbind has disabled the random port functionality at build time;
  there is no runtime parameter to allow the admin to choose the
  behavior.

  Also, as discussed in the Debian bug, disabling this rpcbind 'feature'
  is known to cause problems for the rpcinfo program, which is why
  Debian introduced the -r parameter. So, when this -r parameter is
  backported to Bionic and earlier, we must retain the default behavior
  for those releases, which is for rpcbind to open the random reserved
  port.

  Thus, the patch for this will first backport the upstream patch that adds 
functionality to be able to disable the 'remote calls' function, and also 
backports the debian patch to change that from a compile-time to run-time 
option. Then, another patch is added, which changes the default back to the 
behavior of x/b, which is for remote calls to be enabled by default,
  and also adds a check for the existence of an environment variable 
"RPCBIND_RMTCALL_DEFAULT_DISABLED" which, if defined (to anything), will change 
the default to disabled.

  This allows 1) retaining the existing default behavior of rpcbind in x
  and b, while also 2) providing a mechanism to change that default for
  anyone who does *not* want remote calls to be enabled, and 3) allowing
  the mechanism to change the default to remain in place after an
  upgrade to Focal. Using the environment variable allows anyone to
  disable the remote calls in x and/or b, and then upgrade to Focal
  without breaking rpcbind or needing to remove the env var. After the
  upgrade to Focal, the environment variable (defined in
  /etc/default/rpcbind and/or /etc/rpcbind.conf) will simply be ignored
  without any change needed to the rpcbind package in Focal or later.

  [original description]

  Binary package hint: cups

  cups 1.3.9-2ubuntu4
  From /var/log/cups/error_log:
  cups: unable to bind socket for address 127.0.0.1:631 - Address already in 
use.

  Nothing actually looks wrong. 127.0.0.1:631 is only in use by cupsd
  when started.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/304393/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 304393] Re: rpcbind grabs ports used by other daemons such as cupsd

2020-08-11 Thread Dan Streetman
bionic verification:

ubuntu@lp304393-b:~$ dpkg -l|grep rpcbind
ii  rpcbind  0.2.3-0.6   amd64  
  converts RPC program numbers into universal addresses
ubuntu@lp304393-b:~$ sudo netstat --inet -p -l | grep rpcbind | grep -v sunrpc
udp0  0 0.0.0.0:788 0.0.0.0:*   
13332/rpcbind   


after upgrade, same default behavior:

ubuntu@lp304393-b:~$ dpkg -l|grep rpcbind
ii  rpcbind  0.2.3-0.6ubuntu0.18.04.1amd64  
  converts RPC program numbers into universal addresses
ubuntu@lp304393-b:~$ sudo systemctl restart rpcbind
ubuntu@lp304393-b:~$ sudo netstat --inet -p -l | grep rpcbind | grep -v sunrpc
udp0  0 0.0.0.0:707 0.0.0.0:*   
14099/rpcbind   


with parameter set, random port is disabled:

ubuntu@lp304393-b:~$ cat /etc/default/rpcbind 
RPCBIND_RMTCALL_DEFAULT_DISABLED=1

ubuntu@lp304393-b:~$ sudo systemctl restart rpcbind
ubuntu@lp304393-b:~$ sudo netstat --inet -p -l | grep rpcbind | grep -v sunrpc
ubuntu@lp304393-b:~$ 


with param commented, default behavior restored:

ubuntu@lp304393-b:~$ cat /etc/default/rpcbind 
#RPCBIND_RMTCALL_DEFAULT_DISABLED=1

ubuntu@lp304393-b:~$ sudo systemctl restart rpcbind
ubuntu@lp304393-b:~$ sudo netstat --inet -p -l | grep rpcbind | grep -v sunrpc
udp0  0 0.0.0.0:877 0.0.0.0:*   
14269/rpcbind   


** Tags removed: verification-needed verification-needed-bionic
** Tags added: verification-done verification-done-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/304393

Title:
  rpcbind grabs ports used by other daemons such as cupsd

Status in cups package in Ubuntu:
  Invalid
Status in rpcbind package in Ubuntu:
  Fix Released
Status in rpcbind source package in Xenial:
  In Progress
Status in rpcbind source package in Bionic:
  Fix Committed
Status in rpcbind package in Debian:
  Fix Released
Status in Fedora:
  Confirmed

Bug description:
  [impact]

  rpcbind binds to a 'random' reserved port at startup, which can
  conflict with the reserved port number for other applications that
  actually 'own' the reserved port number. One example is cups, which
  uses the reserved port 631.

  This prevents the actual 'owner' of the reserved port from starting,
  since it can't bind to its reserved port.

  Additionally, this can raise alarms from security monitoring software
  that does not expect programs to be listening on random reserved
  ports.

  [test case]

  start rpcbind and check which ports it is listening on, e.g.:

  $ sudo netstat --inet -p -l | grep rpcbind | grep -v sunrpc
  udp0  0 0.0.0.0:614 0.0.0.0:* 
  4678/rpcbind

  each time rpcbind is restarted, it will be listening to a different
  'random' port.

  [regression potential]

  this adds a way to disable rpcbind from listening to the 'random'
  port. any regression would likely prevent rpcbind from starting, or
  may cause problems with the interaction between rpcinfo and rpcbind,
  as rpcinfo may use the random reserved port in some cases, as detailed
  in the Debian bug.

  [scope]

  This is needed only for Bionic and earlier.

  In Focal and later, and in Debian, rpcbind defaults to not opening the
  random reserved port.  The admin can use the -r parameter to cause
  rpcbind to restore the old behavior of opening the random reserved
  port.

  [other info]

  Note that the -r parameter is a Debian addition, and the upstream
  rpcbind has disabled the random port functionality at build time;
  there is no runtime parameter to allow the admin to choose the
  behavior.

  Also, as discussed in the Debian bug, disabling this rpcbind 'feature'
  is known to cause problems for the rpcinfo program, which is why
  Debian introduced the -r parameter. So, when this -r parameter is
  backported to Bionic and earlier, we must retain the default behavior
  for those releases, which is for rpcbind to open the random reserved
  port.

  Thus, the patch for this will first backport the upstream patch that adds 
functionality to be able to disable the 'remote calls' function, and also 
backports the debian patch to change that from a compile-time to run-time 
option. Then, another patch is added, which changes the default back to the 
behavior of x/b, which is for remote calls to be enabled by default,
  and also adds a check for the existence of an environment variable 
"RPCBIND_RMTCALL_DEFAULT_DISABLED" which, if defined (to anything), will change 
the default to disabled.

  This allows 1) retaining the existing default behavior of rpcbind in x
  and b, while also 2) providing a mechanism to change that default for
  anyone who does *not* want remote calls to be enabled, and 3) allowing
  the mechanism 

[Touch-packages] [Bug 304393] Re: rpcbind grabs ports used by other daemons such as cupsd

2020-08-07 Thread Timo Aaltonen
Hello Alvin, or anyone else affected,

Accepted rpcbind into bionic-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/rpcbind/0.2.3-0.6ubuntu0.18.04.1 in
a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
bionic to verification-done-bionic. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-bionic. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: rpcbind (Ubuntu Bionic)
   Status: In Progress => Fix Committed

** Tags added: verification-needed verification-needed-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/304393

Title:
  rpcbind grabs ports used by other daemons such as cupsd

Status in cups package in Ubuntu:
  Invalid
Status in rpcbind package in Ubuntu:
  Fix Released
Status in rpcbind source package in Xenial:
  In Progress
Status in rpcbind source package in Bionic:
  Fix Committed
Status in rpcbind package in Debian:
  Fix Released
Status in Fedora:
  Confirmed

Bug description:
  [impact]

  rpcbind binds to a 'random' reserved port at startup, which can
  conflict with the reserved port number for other applications that
  actually 'own' the reserved port number. One example is cups, which
  uses the reserved port 631.

  This prevents the actual 'owner' of the reserved port from starting,
  since it can't bind to its reserved port.

  Additionally, this can raise alarms from security monitoring software
  that does not expect programs to be listening on random reserved
  ports.

  [test case]

  start rpcbind and check which ports it is listening on, e.g.:

  $ sudo netstat --inet -p -l | grep rpcbind | grep -v sunrpc
  udp0  0 0.0.0.0:614 0.0.0.0:* 
  4678/rpcbind

  each time rpcbind is restarted, it will be listening to a different
  'random' port.

  [regression potential]

  this adds a way to disable rpcbind from listening to the 'random'
  port. any regression would likely prevent rpcbind from starting, or
  may cause problems with the interaction between rpcinfo and rpcbind,
  as rpcinfo may use the random reserved port in some cases, as detailed
  in the Debian bug.

  [scope]

  This is needed only for Bionic and earlier.

  In Focal and later, and in Debian, rpcbind defaults to not opening the
  random reserved port.  The admin can use the -r parameter to cause
  rpcbind to restore the old behavior of opening the random reserved
  port.

  [other info]

  Note that the -r parameter is a Debian addition, and the upstream
  rpcbind has disabled the random port functionality at build time;
  there is no runtime parameter to allow the admin to choose the
  behavior.

  Also, as discussed in the Debian bug, disabling this rpcbind 'feature'
  is known to cause problems for the rpcinfo program, which is why
  Debian introduced the -r parameter. So, when this -r parameter is
  backported to Bionic and earlier, we must retain the default behavior
  for those releases, which is for rpcbind to open the random reserved
  port.

  Thus, the patch for this will first backport the upstream patch that adds 
functionality to be able to disable the 'remote calls' function, and also 
backports the debian patch to change that from a compile-time to run-time 
option. Then, another patch is added, which changes the default back to the 
behavior of x/b, which is for remote calls to be enabled by default,
  and also adds a check for the existence of an environment variable 
"RPCBIND_RMTCALL_DEFAULT_DISABLED" which, if defined (to anything), will change 
the default to disabled.

  This allows 1) retaining the existing default behavior of rpcbind in x
  and b, while also 2) providing a mechanism to change that default for
  anyone who does *not* want remote calls to be enabled, and 3) allowing
  the mechanism to change the default to remain in place after an
  upgrade to Focal. Using the environment variable allows anyone to
  disable the remote calls in x and/or b, and then upgrade to Focal
  without breakin

[Touch-packages] [Bug 304393] Re: rpcbind grabs ports used by other daemons such as cupsd

2020-08-04 Thread Dan Streetman
** Description changed:

  [impact]
  
  rpcbind binds to a 'random' reserved port at startup, which can conflict
  with the reserved port number for other applications that actually 'own'
  the reserved port number. One example is cups, which uses the reserved
  port 631.
  
  This prevents the actual 'owner' of the reserved port from starting,
  since it can't bind to its reserved port.
  
  Additionally, this can raise alarms from security monitoring software
  that does not expect programs to be listening on random reserved ports.
  
  [test case]
  
  start rpcbind and check which ports it is listening on, e.g.:
  
  $ sudo netstat --inet -p -l | grep rpcbind | grep -v sunrpc
  udp0  0 0.0.0.0:614 0.0.0.0:* 
  4678/rpcbind
  
  each time rpcbind is restarted, it will be listening to a different
  'random' port.
  
  [regression potential]
  
  this adds a way to disable rpcbind from listening to the 'random' port.
  any regression would likely prevent rpcbind from starting, or may cause
  problems with the interaction between rpcinfo and rpcbind, as rpcinfo
  may use the random reserved port in some cases, as detailed in the
  Debian bug.
  
  [scope]
  
  This is needed only for Bionic and earlier.
  
  In Focal and later, and in Debian, rpcbind defaults to not opening the
  random reserved port.  The admin can use the -r parameter to cause
  rpcbind to restore the old behavior of opening the random reserved port.
  
  [other info]
  
  Note that the -r parameter is a Debian addition, and the upstream
  rpcbind has disabled the random port functionality at build time; there
  is no runtime parameter to allow the admin to choose the behavior.
  
  Also, as discussed in the Debian bug, disabling this rpcbind 'feature'
  is known to cause problems for the rpcinfo program, which is why Debian
  introduced the -r parameter. So, when this -r parameter is backported to
  Bionic and earlier, we must retain the default behavior for those
  releases, which is for rpcbind to open the random reserved port.
  
  Thus, the patch for this will first backport the upstream patch that adds 
functionality to be able to disable the 'remote calls' function, and also 
backports the debian patch to change that from a compile-time to run-time 
option. Then, another patch is added, which changes the default back to the 
behavior of x/b, which is for remote calls to be enabled by default,
- and also adds a check for the existence of an environment variable 
"RPCBIND_RMTCALLS_DEFAULT_DISABLED" which, if defined (to anything), will 
change the default to disabled.
+ and also adds a check for the existence of an environment variable 
"RPCBIND_RMTCALL_DEFAULT_DISABLED" which, if defined (to anything), will change 
the default to disabled.
  
  This allows 1) retaining the existing default behavior of rpcbind in x
  and b, while also 2) providing a mechanism to change that default for
  anyone who does *not* want remote calls to be enabled, and 3) allowing
  the mechanism to change the default to remain in place after an upgrade
  to Focal. Using the environment variable, instead of changing or adding
  the cmdline parameter, allows anyone using the variable to disable the
  remote calls default to upgrade to Focal without breaking rpcbind. After
  the upgrade to Focal, the environment variable (defined in
  /etc/default/rpcbind and/or /etc/rpcbind.conf) will simply be ignored
  without any change needed to the rpcbind package in Focal or later.
  
  [original description]
  
  As this backports that functionality, it
  
  Binary package hint: cups
  
  cups 1.3.9-2ubuntu4
  From /var/log/cups/error_log:
  cups: unable to bind socket for address 127.0.0.1:631 - Address already in 
use.
  
  Nothing actually looks wrong. 127.0.0.1:631 is only in use by cupsd when
  started.

** Description changed:

  [impact]
  
  rpcbind binds to a 'random' reserved port at startup, which can conflict
  with the reserved port number for other applications that actually 'own'
  the reserved port number. One example is cups, which uses the reserved
  port 631.
  
  This prevents the actual 'owner' of the reserved port from starting,
  since it can't bind to its reserved port.
  
  Additionally, this can raise alarms from security monitoring software
  that does not expect programs to be listening on random reserved ports.
  
  [test case]
  
  start rpcbind and check which ports it is listening on, e.g.:
  
  $ sudo netstat --inet -p -l | grep rpcbind | grep -v sunrpc
  udp0  0 0.0.0.0:614 0.0.0.0:* 
  4678/rpcbind
  
  each time rpcbind is restarted, it will be listening to a different
  'random' port.
  
  [regression potential]
  
  this adds a way to disable rpcbind from listening to the 'random' port.
  any regression would likely prevent rpcbind from starting, or may cause
  problems with the interaction between rpcinfo and rpcbind, as rpcinfo
  ma

[Touch-packages] [Bug 304393] Re: rpcbind grabs ports used by other daemons such as cupsd

2020-07-17 Thread Dan Streetman
** Tags added: sts

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/304393

Title:
  rpcbind grabs ports used by other daemons such as cupsd

Status in cups package in Ubuntu:
  Invalid
Status in rpcbind package in Ubuntu:
  Fix Released
Status in rpcbind source package in Xenial:
  In Progress
Status in rpcbind source package in Bionic:
  In Progress
Status in rpcbind package in Debian:
  Fix Released
Status in Fedora:
  Confirmed

Bug description:
  [impact]

  rpcbind binds to a 'random' reserved port at startup, which can
  conflict with the reserved port number for other applications that
  actually 'own' the reserved port number. One example is cups, which
  uses the reserved port 631.

  This prevents the actual 'owner' of the reserved port from starting,
  since it can't bind to its reserved port.

  Additionally, this can raise alarms from security monitoring software
  that does not expect programs to be listening on random reserved
  ports.

  [test case]

  start rpcbind and check which ports it is listening on, e.g.:

  $ sudo netstat --inet -p -l | grep rpcbind | grep -v sunrpc
  udp0  0 0.0.0.0:614 0.0.0.0:* 
  4678/rpcbind

  each time rpcbind is restarted, it will be listening to a different
  'random' port.

  [regression potential]

  this adds a way to disable rpcbind from listening to the 'random'
  port. any regression would likely prevent rpcbind from starting, or
  may cause problems with the interaction between rpcinfo and rpcbind,
  as rpcinfo may use the random reserved port in some cases, as detailed
  in the Debian bug.

  [scope]

  This is needed only for Bionic and earlier.

  In Focal and later, and in Debian, rpcbind defaults to not opening the
  random reserved port.  The admin can use the -r parameter to cause
  rpcbind to restore the old behavior of opening the random reserved
  port.

  [other info]

  Note that the -r parameter is a Debian addition, and the upstream
  rpcbind has disabled the random port functionality at build time;
  there is no runtime parameter to allow the admin to choose the
  behavior.

  Also, as discussed in the Debian bug, disabling this rpcbind 'feature'
  is known to cause problems for the rpcinfo program, which is why
  Debian introduced the -r parameter. So, when this -r parameter is
  backported to Bionic and earlier, we must retain the default behavior
  for those releases, which is for rpcbind to open the random reserved
  port.

  Thus, the patch for this will first backport the upstream patch that adds 
functionality to be able to disable the 'remote calls' function, and also 
backports the debian patch to change that from a compile-time to run-time 
option. Then, another patch is added, which changes the default back to the 
behavior of x/b, which is for remote calls to be enabled by default,
  and also adds a check for the existence of an environment variable 
"RPCBIND_RMTCALLS_DEFAULT_DISABLED" which, if defined (to anything), will 
change the default to disabled.

  This allows 1) retaining the existing default behavior of rpcbind in x
  and b, while also 2) providing a mechanism to change that default for
  anyone who does *not* want remote calls to be enabled, and 3) allowing
  the mechanism to change the default to remain in place after an
  upgrade to Focal. Using the environment variable, instead of changing
  or adding the cmdline parameter, allows anyone using the variable to
  disable the remote calls default to upgrade to Focal without breaking
  rpcbind. After the upgrade to Focal, the environment variable (defined
  in /etc/default/rpcbind and/or /etc/rpcbind.conf) will simply be
  ignored without any change needed to the rpcbind package in Focal or
  later.

  [original description]

  As this backports that functionality, it

  Binary package hint: cups

  cups 1.3.9-2ubuntu4
  From /var/log/cups/error_log:
  cups: unable to bind socket for address 127.0.0.1:631 - Address already in 
use.

  Nothing actually looks wrong. 127.0.0.1:631 is only in use by cupsd
  when started.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/304393/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 304393] Re: rpcbind grabs ports used by other daemons such as cupsd

2020-07-17 Thread Dan Streetman
** Description changed:

  [impact]
  
  rpcbind binds to a 'random' reserved port at startup, which can conflict
  with the reserved port number for other applications that actually 'own'
  the reserved port number. One example is cups, which uses the reserved
  port 631.
  
  This prevents the actual 'owner' of the reserved port from starting,
  since it can't bind to its reserved port.
  
  Additionally, this can raise alarms from security monitoring software
  that does not expect programs to be listening on random reserved ports.
  
  [test case]
  
  start rpcbind and check which ports it is listening on, e.g.:
  
  $ sudo netstat --inet -p -l | grep rpcbind | grep -v sunrpc
- udp0  0 0.0.0.0:614 0.0.0.0:* 
  4678/rpcbind
+ udp0  0 0.0.0.0:614 0.0.0.0:* 
  4678/rpcbind
  
  each time rpcbind is restarted, it will be listening to a different
  'random' port.
  
  [regression potential]
  
- this adds a method to disable rpcbind from listening to the 'random'
- port. any regression would likely prevent rpcbind from starting, or may
- cause problems with the interaction between rpcinfo and rpcbind, as
- rpcinfo may use the random reserved port in some cases, as detailed in
- the Debian bug.
+ this adds a way to disable rpcbind from listening to the 'random' port.
+ any regression would likely prevent rpcbind from starting, or may cause
+ problems with the interaction between rpcinfo and rpcbind, as rpcinfo
+ may use the random reserved port in some cases, as detailed in the
+ Debian bug.
  
  [scope]
  
  This is needed only for Bionic and earlier.
  
  In Focal and later, and in Debian, rpcbind defaults to not opening the
  random reserved port.  The admin can use the -r parameter to cause
  rpcbind to restore the old behavior of opening the random reserved port.
  
  [other info]
  
  Note that the -r parameter is a Debian addition, and the upstream
  rpcbind has disabled the random port functionality at build time; there
  is no runtime parameter to allow the admin to choose the behavior.
  
  Also, as discussed in the Debian bug, disabling this rpcbind 'feature'
  is known to cause problems for the rpcinfo program, which is why Debian
  introduced the -r parameter. So, when this -r parameter is backported to
  Bionic and earlier, we must retain the default behavior for those
  releases, which is for rpcbind to open the random reserved port.
  
- TBD: specific method to disable rmtcalls in backport
+ Thus, the patch for this will first backport the upstream patch that adds 
functionality to be able to disable the 'remote calls' function, and also 
backports the debian patch to change that from a compile-time to run-time 
option. Then, another patch is added, which changes the default back to the 
behavior of x/b, which is for remote calls to be enabled by default,
+ and also adds a check for the existence of an environment variable 
"RPCBIND_RMTCALLS_DEFAULT_DISABLED" which, if defined (to anything), will 
change the default to disabled.
  
+ This allows 1) retaining the existing default behavior of rpcbind in x
+ and b, while also 2) providing a mechanism to change that default for
+ anyone who does *not* want remote calls to be enabled, and 3) allowing
+ the mechanism to change the default to remain in place after an upgrade
+ to Focal. Using the environment variable, instead of changing or adding
+ the cmdline parameter, allows anyone using the variable to disable the
+ remote calls default to upgrade to Focal without breaking rpcbind. After
+ the upgrade to Focal, the environment variable (defined in
+ /etc/default/rpcbind and/or /etc/rpcbind.conf) will simply be ignored
+ without any change needed to the rpcbind package in Focal or later.
  
  [original description]
  
  As this backports that functionality, it
  
  Binary package hint: cups
  
  cups 1.3.9-2ubuntu4
  From /var/log/cups/error_log:
  cups: unable to bind socket for address 127.0.0.1:631 - Address already in 
use.
  
  Nothing actually looks wrong. 127.0.0.1:631 is only in use by cupsd when
  started.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/304393

Title:
  rpcbind grabs ports used by other daemons such as cupsd

Status in cups package in Ubuntu:
  Invalid
Status in rpcbind package in Ubuntu:
  Fix Released
Status in rpcbind source package in Xenial:
  In Progress
Status in rpcbind source package in Bionic:
  In Progress
Status in rpcbind package in Debian:
  Fix Released
Status in Fedora:
  Confirmed

Bug description:
  [impact]

  rpcbind binds to a 'random' reserved port at startup, which can
  conflict with the reserved port number for other applications that
  actually 'own' the reserved port number. One example is cups, which
  uses the reserved port 631.

  This prevents the actual 'owner' of th

[Touch-packages] [Bug 304393] Re: rpcbind grabs ports used by other daemons such as cupsd

2020-06-28 Thread Bug Watch Updater
** Changed in: rpcbind (Debian)
   Status: Unknown => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/304393

Title:
  rpcbind grabs ports used by other daemons such as cupsd

Status in cups package in Ubuntu:
  Invalid
Status in rpcbind package in Ubuntu:
  Fix Released
Status in rpcbind source package in Xenial:
  In Progress
Status in rpcbind source package in Bionic:
  In Progress
Status in rpcbind package in Debian:
  Fix Released
Status in Fedora:
  Confirmed

Bug description:
  [impact]

  rpcbind binds to a 'random' reserved port at startup, which can
  conflict with the reserved port number for other applications that
  actually 'own' the reserved port number. One example is cups, which
  uses the reserved port 631.

  This prevents the actual 'owner' of the reserved port from starting,
  since it can't bind to its reserved port.

  Additionally, this can raise alarms from security monitoring software
  that does not expect programs to be listening on random reserved
  ports.

  [test case]

  start rpcbind and check which ports it is listening on, e.g.:

  $ sudo netstat --inet -p -l | grep rpcbind | grep -v sunrpc
  udp0  0 0.0.0.0:614 0.0.0.0:* 
  4678/rpcbind

  each time rpcbind is restarted, it will be listening to a different
  'random' port.

  [regression potential]

  this adds a method to disable rpcbind from listening to the 'random'
  port. any regression would likely prevent rpcbind from starting, or
  may cause problems with the interaction between rpcinfo and rpcbind,
  as rpcinfo may use the random reserved port in some cases, as detailed
  in the Debian bug.

  [scope]

  This is needed only for Bionic and earlier.

  In Focal and later, and in Debian, rpcbind defaults to not opening the
  random reserved port.  The admin can use the -r parameter to cause
  rpcbind to restore the old behavior of opening the random reserved
  port.

  [other info]

  Note that the -r parameter is a Debian addition, and the upstream
  rpcbind has disabled the random port functionality at build time;
  there is no runtime parameter to allow the admin to choose the
  behavior.

  Also, as discussed in the Debian bug, disabling this rpcbind 'feature'
  is known to cause problems for the rpcinfo program, which is why
  Debian introduced the -r parameter. So, when this -r parameter is
  backported to Bionic and earlier, we must retain the default behavior
  for those releases, which is for rpcbind to open the random reserved
  port.

  TBD: specific method to disable rmtcalls in backport

  
  [original description]

  As this backports that functionality, it

  Binary package hint: cups

  cups 1.3.9-2ubuntu4
  From /var/log/cups/error_log:
  cups: unable to bind socket for address 127.0.0.1:631 - Address already in 
use.

  Nothing actually looks wrong. 127.0.0.1:631 is only in use by cupsd
  when started.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/304393/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 304393] Re: rpcbind grabs ports used by other daemons such as cupsd

2020-06-27 Thread Dan Streetman
** Description changed:

+ [impact]
+ 
+ rpcbind binds to a 'random' reserved port at startup, which can conflict
+ with the reserved port number for other applications that actually 'own'
+ the reserved port number. One example is cups, which uses the reserved
+ port 631.
+ 
+ This prevents the actual 'owner' of the reserved port from starting,
+ since it can't bind to its reserved port.
+ 
+ Additionally, this can raise alarms from security monitoring software
+ that does not expect programs to be listening on random reserved ports.
+ 
+ [test case]
+ 
+ start rpcbind and check which ports it is listening on, e.g.:
+ 
+ $ sudo netstat --inet -p -l | grep rpcbind | grep -v sunrpc
+ udp0  0 0.0.0.0:614 0.0.0.0:* 
  4678/rpcbind
+ 
+ each time rpcbind is restarted, it will be listening to a different
+ 'random' port.
+ 
+ [regression potential]
+ 
+ this adds a method to disable rpcbind from listening to the 'random'
+ port. any regression would likely prevent rpcbind from starting, or may
+ cause problems with the interaction between rpcinfo and rpcbind, as
+ rpcinfo may use the random reserved port in some cases, as detailed in
+ the Debian bug.
+ 
+ [scope]
+ 
+ This is needed only for Bionic and earlier.
+ 
+ In Focal and later, and in Debian, rpcbind defaults to not opening the
+ random reserved port.  The admin can use the -r parameter to cause
+ rpcbind to restore the old behavior of opening the random reserved port.
+ 
+ [other info]
+ 
+ Note that the -r parameter is a Debian addition, and the upstream
+ rpcbind has disabled the random port functionality at build time; there
+ is no runtime parameter to allow the admin to choose the behavior.
+ 
+ Also, as discussed in the Debian bug, disabling this rpcbind 'feature'
+ is known to cause problems for the rpcinfo program, which is why Debian
+ introduced the -r parameter. So, when this -r parameter is backported to
+ Bionic and earlier, we must retain the default behavior for those
+ releases, which is for rpcbind to open the random reserved port.
+ 
+ TBD: specific method to disable rmtcalls in backport
+ 
+ 
+ [original description]
+ 
+ As this backports that functionality, it
+ 
  Binary package hint: cups
  
  cups 1.3.9-2ubuntu4
  From /var/log/cups/error_log:
  cups: unable to bind socket for address 127.0.0.1:631 - Address already in 
use.
  
  Nothing actually looks wrong. 127.0.0.1:631 is only in use by cupsd when
  started.

** Changed in: rpcbind (Ubuntu Bionic)
 Assignee: (unassigned) => Dan Streetman (ddstreet)

** Changed in: rpcbind (Ubuntu Xenial)
 Assignee: (unassigned) => Dan Streetman (ddstreet)

** Changed in: rpcbind (Ubuntu Bionic)
   Importance: Undecided => Medium

** Changed in: rpcbind (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: rpcbind (Ubuntu Bionic)
   Status: New => In Progress

** Changed in: rpcbind (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: rpcbind (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/304393

Title:
  rpcbind grabs ports used by other daemons such as cupsd

Status in cups package in Ubuntu:
  Invalid
Status in rpcbind package in Ubuntu:
  Fix Released
Status in rpcbind source package in Xenial:
  In Progress
Status in rpcbind source package in Bionic:
  In Progress
Status in rpcbind package in Debian:
  Unknown
Status in Fedora:
  Confirmed

Bug description:
  [impact]

  rpcbind binds to a 'random' reserved port at startup, which can
  conflict with the reserved port number for other applications that
  actually 'own' the reserved port number. One example is cups, which
  uses the reserved port 631.

  This prevents the actual 'owner' of the reserved port from starting,
  since it can't bind to its reserved port.

  Additionally, this can raise alarms from security monitoring software
  that does not expect programs to be listening on random reserved
  ports.

  [test case]

  start rpcbind and check which ports it is listening on, e.g.:

  $ sudo netstat --inet -p -l | grep rpcbind | grep -v sunrpc
  udp0  0 0.0.0.0:614 0.0.0.0:* 
  4678/rpcbind

  each time rpcbind is restarted, it will be listening to a different
  'random' port.

  [regression potential]

  this adds a method to disable rpcbind from listening to the 'random'
  port. any regression would likely prevent rpcbind from starting, or
  may cause problems with the interaction between rpcinfo and rpcbind,
  as rpcinfo may use the random reserved port in some cases, as detailed
  in the Debian bug.

  [scope]

  This is needed only for Bionic and earlier.

  In Focal and later, and in Debian, rpcbind defaults to not opening the
  random reserved port.  The admin can use the -r parameter to cause
  rpcbind to restore

[Touch-packages] [Bug 304393] Re: rpcbind grabs ports used by other daemons such as cupsd

2020-06-27 Thread Dan Streetman
** Also affects: cups (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Also affects: rpcbind (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Also affects: cups (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: rpcbind (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: cups (Ubuntu)
   Status: Confirmed => Invalid

** No longer affects: cups (Ubuntu Xenial)

** No longer affects: cups (Ubuntu Bionic)

** Bug watch added: Debian Bug tracker #939890
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939890

** Also affects: rpcbind (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939890
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/304393

Title:
  rpcbind grabs ports used by other daemons such as cupsd

Status in cups package in Ubuntu:
  Invalid
Status in rpcbind package in Ubuntu:
  New
Status in rpcbind source package in Xenial:
  New
Status in rpcbind source package in Bionic:
  New
Status in rpcbind package in Debian:
  Unknown
Status in Fedora:
  Confirmed

Bug description:
  Binary package hint: cups

  cups 1.3.9-2ubuntu4
  From /var/log/cups/error_log:
  cups: unable to bind socket for address 127.0.0.1:631 - Address already in 
use.

  Nothing actually looks wrong. 127.0.0.1:631 is only in use by cupsd
  when started.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/304393/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 304393] Re: rpcbind grabs ports used by other daemons such as cupsd

2020-01-21 Thread Bug Watch Updater
Launchpad has imported 77 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=103401.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.


On 2003-08-29T20:13:45+00:00 sbonnevi wrote:

Description of problem:

On boot, ypbind occasionally grabs port 631/udp, blocking CUPS from binding to
the port.  This is a glibc problem because ypbind is a RPC service that has its
port assigned dynamically through bindresvport().

The code in libc/sunrpc/bindrsvprt.c shows the port number is assigned purely
based on the PID of the ypbind process, something like

  port = (PID % 424) + 600

The PID seems to vary slightly from reboot to reboot, but generally is in the
870s on the machine in question, resulting in ports assigned in the vicinity of
630.  CUPS (actually, IPP) has ports 631/tcp and 631/udp reserved.  NIS starts
first, so it wins, and since CUPS has a reserved Well Known Port, it can't
relocate and loses.

Version-Release number of selected component (if applicable):
glibc-2.3.2-27.9

How reproducible:
Depends entirely on the PID handed to ypbind on boot, and the exact set of
services configured affects this.  

Suggested Fix:
The glibc algorithm already blacklists all reserved ports below 600, presumably
to avoid this exact problem.  Consider altering the code to blacklist 5 to 8
additional ports in the 600-1023 range that are or may be in common use:

  631 (IPP == CUPS)
  636 (LDAPS)
  749 (Kerberos V kadmin)
  873 (rsyncd)
  992-995 (SSL-enabled telnet, IMAP, IRC, and POP3)

The ports lost could be recovered, if desired, by allowing ports in the 590-600
range to be assigned by bindrsvprt().

Reply at:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/304393/comments/0


On 2003-09-01T21:43:29+00:00 jakub wrote:

According to Ulrich Drepper, daemons requiring specific ports in the 600-1023
range need to be started before any daemons using bindresvport.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/304393/comments/1


On 2003-09-02T16:29:53+00:00 twaugh wrote:

I think that portmap ought to be tought how to avoid a list of ports. 
Otherwise, once I've stopped cupsd (for whatever reason) and restarted ypbind, I
can no longer be sure that cupsd will ever start again.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/304393/comments/2


On 2003-09-02T21:06:25+00:00 twaugh wrote:

(see above comment)

Reply at:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/304393/comments/3


On 2003-09-03T06:04:59+00:00 sbonnevi wrote:

If you accept Ulrich's argument that this is a service bug, then this is NOT
just a CUPS bug.  It's also a bug against xinetd-2.3.12-0.3E, openldap-2.0.27-9,
and krb5-server-1.2.7-15.  ALL of the services in the distribution that I know
about that use Well Known Ports in the 600-1023 range start up AFTER ypbind, not
before! 





Reply at:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/304393/comments/4


On 2003-09-03T15:04:29+00:00 twaugh wrote:

This problem should be solved in portmap.  Here is a proof-of-concept, which I
think should be merged into portmap: http://cyberelk.net/tim/portreserve.  In
summary: portmap should read a directory of configuration files, one per daemon,
each containing the name of the service that is out of bounds.

(I know that bindresvport is the culprit, but what other users of that are there
really?)

Reply at:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/304393/comments/5


On 2003-11-15T00:51:46+00:00 sbonnevi wrote:

I'm moving this to RHEL 3 because we're still seeing this in operation
on servers with that version installed.

I don't know what else uses bindresvport, if anything, I just know
that if you have ypserv and CUPS running, there's a pretty decent
chance of a collision on boot which breaks CUPS.


Reply at:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/304393/comments/6


On 2003-12-24T10:32:08+00:00 jorton wrote:

spamassassin's spamd is another possible collision (though not in
RHEL), it uses port 783 by default.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/304393/comments/7


On 2004-01-07T04:50:06+00:00 aleksey wrote:

*** Bug 8398

[Touch-packages] [Bug 304393] Re: rpcbind grabs ports used by other daemons such as cupsd

2017-10-27 Thread Bug Watch Updater
** Changed in: fedora
   Status: Unknown => Confirmed

** Changed in: fedora
   Importance: Unknown => Critical

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/304393

Title:
  rpcbind grabs ports used by other daemons such as cupsd

Status in cups package in Ubuntu:
  Confirmed
Status in rpcbind package in Ubuntu:
  New
Status in Fedora:
  Confirmed

Bug description:
  Binary package hint: cups

  cups 1.3.9-2ubuntu4
  From /var/log/cups/error_log:
  cups: unable to bind socket for address 127.0.0.1:631 - Address already in 
use.

  Nothing actually looks wrong. 127.0.0.1:631 is only in use by cupsd
  when started.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/304393/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp