| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Oct 2006 20:53:06 -0500 From: Matt Domsch <Matt_Domsch@...l.com> To: Trond Myklebust <Trond.Myklebust@...app.com> Cc: Alan Cox <alan@...rguk.ukuu.org.uk>, Jan Engelhardt <jengelh@...ux01.gwdg.de>, Greg KH <gregkh@...e.de>, linux-kernel@...r.kernel.org, stable@...nel.org, Justin Forbes <jmforbes@...uxtx.org>, Zwane Mwaikambo <zwane@....linux.org.uk>, "Theodore Ts'o" <tytso@....edu>, Randy Dunlap <rdunlap@...otime.net>, Dave Jones <davej@...hat.com>, Chuck Wolber <chuckw@...ntumlinux.com>, Chris Wedgwood <reviews@...cw.f00f.org>, Michael Krufky <mkrufky@...uxtv.org>, torvalds@...l.org, akpm@...l.org, Chuck Lever <chuck.lever@...cle.com> Subject: Re: [patch 03/19] SUNRPC: avoid choosing an IPMI port for RPC traffic On Wed, Oct 11, 2006 at 06:35:05PM -0700, Trond Myklebust wrote: > On Thu, 2006-10-12 at 02:12 +0100, Alan Cox wrote: > > Ar Mer, 2006-10-11 am 19:45 -0400, ysgrifennodd Trond Myklebust: > > > Feel free to tell the board manufacturers that they are idiots, and > > > should not design boards that hijack specific ports without providing > > > the O/S with any means of detecting this, but in the meantime, it _is_ > > > the case that they are doing this. > > > > Then their hardware is faulty and should be specifically blacklisted not > > make everyone have to deal with silly unmaintainable hacks. > > They are not hacks. The actual range of ports used by the RPC client is > set using /proc/sys/sunrpc/(min|max)_resvport. People that don't have > broken motherboards can override the default range, which is all that we > are changing here. > > To be fair, the motherboard manufacturers have actually registered these > ports with IANA: > > asf-rmcp 623/tcp ASF Remote Management and Control Protocol > asf-rmcp 623/udp ASF Remote Management and Control Protocol > > asf-secure-rmcp 664/tcp ASF Secure Remote Management and Control Protocol > asf-secure-rmcp 664/udp ASF Secure Remote Management and Control Protocol > > but the problem remains that we have no way to actually detect a > motherboard that uses those ports. My hackish solution was to create a fake xinetd service listening on those ports. http://lists.us.dell.com/pipermail/linux-poweredge/2005-November/023606.html For the one Dell server affected, we could DMI list it; likewise for others. -- Matt Domsch Software Architect Dell Linux Solutions linux.dell.com & www.dell.com/linux Linux on Dell mailing lists @ http://lists.us.dell.com - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists