From: Robert Watson <robert@fledge.watson.org>
To: Michal Mertl
Cc: freebsd-security@freebsd.org
Date: Tue, 23 Nov 2004 15:09:41 +0000 (GMT)
Subject: Re: mac_portacl and automatic port allocation
In-Reply-To: <41A1085B.6000807@traveller.cz>

On Sun, 21 Nov 2004, Michal Mertl wrote:

> I really like the idea behind mac_portacl but I find it difficult to use
> it because of one issue. When an unprivileged program binds to a high
> automatic port with a call to bind(2) and the port number set to 0, the
> system chooses the port to bind to itself. This mechanism is used by a
> number of programs, most commonly by ftp clients in active mode.
> Unfortunately this 0 is checked by the mac_portacl(4) module and the
> call to bind is refused.
>
> A rather simple fix would be to check if the local port is 0 and the user
> hasn't asked for IP_PORTRANGE_LOW and then allow the call to trivially
> succeed. It can be controlled by a sysctl if needed.
>
> What do you think of the patch below?

Seems like a good change to me. Technically, there's probably a slight
atomicity problem relating to threads, since one thread could change the
flag while another thread is making the call to bind the socket. I'm not
sure that's easily fixed without a specific MAC check in the inet code, and
what you propose is certainly a big improvement over what is there. I'll
get this, sans the printf, merged sometime today.

Thanks!

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Principal Research Scientist, McAfee Research
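The bind-time decision discussed in this thread, modelled in C as an added example that is not the post's patch or the mac_portacl(4) source: an explicit uid/proto/port rule table, plus the proposed exemption that lets an automatic (port 0) bind through unless the socket asked for IP_PORTRANGE_LOW. The rule table, the constant values and the toggle name `autoport_exempt` are constructed for the illustration.

```c
/* Added model of the mac_portacl bind(2) check with the proposed
 * port-0 exemption. Illustration only, not the FreeBSD module's
 * source; rule table, constants and names are constructed. */
#include <stdio.h>
#include <stdbool.h>

#define PROTO_TCP         1
#define PORTRANGE_DEFAULT 0   /* stand-in for IP_PORTRANGE_DEFAULT */
#define PORTRANGE_LOW     2   /* stand-in for IP_PORTRANGE_LOW     */

/* One portacl rule: "this uid may bind this proto/port". */
struct rule { int uid; int proto; int port; };

/* Constructed rule table: only uid 1001 may bind tcp/80 and tcp/21. */
static const struct rule rules[] = {
    { 1001, PROTO_TCP, 80 },
    { 1001, PROTO_TCP, 21 },
};
static const int nrules = sizeof(rules) / sizeof(rules[0]);

/* Modelled stand-in for the sysctl the post mentions (name is mine). */
int autoport_exempt = 1;

/* Returns true if uid may bind proto:port given the socket's
 * IP_PORTRANGE setting. port == 0 means "kernel picks the port". */
bool portacl_bind_allowed(int uid, int proto, int port, int portrange)
{
    /* Proposed fix: automatic allocation outside the low range cannot
     * land on a privileged port, so let it through without a rule. */
    if (autoport_exempt && port == 0 && portrange != PORTRANGE_LOW)
        return true;
    /* Otherwise consult the explicit rule table. The race Robert notes
     * lives here: another thread may change IP_PORTRANGE between
     * setsockopt() and bind(), so the value seen can be stale. */
    for (int i = 0; i < nrules; i++)
        if (rules[i].uid == uid && rules[i].proto == proto &&
            rules[i].port == port)
            return true;
    return false;
}

int main(void)
{
    printf("uid 1002 tcp/0 default range: %s\n",
           portacl_bind_allowed(1002, PROTO_TCP, 0, PORTRANGE_DEFAULT) ? "allow" : "deny");
    printf("uid 1002 tcp/0 low range:     %s\n",
           portacl_bind_allowed(1002, PROTO_TCP, 0, PORTRANGE_LOW) ? "allow" : "deny");
    return 0;
}
```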