Question about a random UDP port on rpcbind 0.2.3 started by systemd
Bao Nguyen
2018-01-26 02:48:02 UTC
Hello everyone,

I would like to ask you a question regarding the new random UDP port in
rpcbind 0.2.3.

In rpcbind 0.2.3, when I start rpcbind (version 0.2.3) through
rpcbind.service, then I do netstat

udp   0 0 0.0.0.0:111 0.0.0.0:* 10408/rpcbind
udp   0 0 0.0.0.0:831 0.0.0.0:* 10408/rpcbind
udp6  0 0 :::111      :::*      10408/rpcbind
udp6  0 0 :::831      :::*      10408/rpcbind

rpcbind does not only listen on port 111 but also on a random UDP port,
"831" in this case; this port changes every time the rpcbind service
restarts. And it listens on 0.0.0.0, so it opens a security hole.

I have looked into the changes in rpcbind 0.2.3 and found the change
"rpcbind: add support for systemd socket activation". It calls a
function sd_listen_fds. I do not know much about systemd socket activation
programming; is the "831" port generated by rpcbind to communicate
with systemd socket activation?

Could you please let me know what this port is for, and is there any way to
avoid that, like forcing it to listen on an internal interface rather than on
any interface like that? As rpcbind is started from systemd, the "-h" option
is invalid, as the man page says:


-h Specify specific IP addresses to bind to for UDP requests. This
option may be specified multiple times and can be used to restrict the
interfaces rpcbind will respond to. Note that when rpcbind is controlled
via systemd's socket activation, the -h option is ignored. In this
case, you need to edit the ListenStream and ListenDgram definitions in
/usr/lib/systemd/system/rpcbind.socket instead.



Thanks a lot,
Brs,
Bao
Jérémy Rosen
2018-01-26 08:35:41 UTC
If you have the mentioned file (/usr/lib/systemd/system/rpcbind.socket)
then systemd will open whatever port is described in there and pass it
pre-opened to rpcbind.

systemd has no idea what that port is for and the file mentioned above
was provided to systemd by the rpcbind package. You should really ask
the rpcbind people what it is for, systemd is just the messenger here...
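An added example, not part of the thread and not rpcbind or systemd code: a small Python check that parses netstat output in the format shown in the question and reports which UDP sockets held by rpcbind are bound to every interface or sit on a port other than 111. The function name `audit`, the expected-port set and the wildcard list are assumptions of this example; the sample text is the listing from the question with its wrapped lines rejoined.

```python
"""Audit netstat-style output for UDP sockets held by rpcbind."""
from typing import NamedTuple

EXPECTED_PORTS = {111}                      # assumption: only the portmapper port is intended
WILDCARDS = {"0.0.0.0", "::", "[::]", "*"}  # spellings of "bound to every interface"

# Sample input: the listing from the question, wrapped lines rejoined.
SAMPLE = """\
udp   0 0 0.0.0.0:111 0.0.0.0:* 10408/rpcbind
udp   0 0 0.0.0.0:831 0.0.0.0:* 10408/rpcbind
udp6  0 0 :::111      :::*      10408/rpcbind
udp6  0 0 :::831      :::*      10408/rpcbind
"""


class Listener(NamedTuple):
    proto: str
    addr: str
    port: int
    wildcard: bool    # bound to all interfaces
    unexpected: bool  # port is not in the expected set


def audit(text, program="rpcbind", expected=EXPECTED_PORTS):
    """Return one Listener per UDP socket owned by `program`."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        # Columns: proto recv-q send-q local foreign [state] pid/program
        if len(fields) < 6 or not fields[0].startswith("udp"):
            continue
        _pid, sep, name = fields[-1].partition("/")
        if not sep or name != program:
            continue
        # rpartition keeps IPv6 forms intact: ":::831" -> ("::", ":", "831")
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        found.append(Listener(fields[0], addr, int(port),
                              addr in WILDCARDS, int(port) not in expected))
    return found


if __name__ == "__main__":
    for l in audit(SAMPLE):
        flags = [n for n, hit in (("wildcard", l.wildcard),
                                  ("unexpected-port", l.unexpected)) if hit]
        print(f"{l.proto:5} {l.addr}:{l.port}  {','.join(flags) or 'ok'}")
```

Run against a host's current listing after each restart of the service, the `unexpected` entries show whether the extra port is still present and whether it is still wildcard-bound after any change to the socket unit.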