Opened 10 years ago

Closed 10 years ago

Last modified 4 years ago

#2317 closed defect (fixed)

portmap starts with UID 1

Reported by: puchu Owned by: nico
Priority: normal Milestone: Barrier Breaker 14.07
Component: packages Version:
Keywords: Cc:

Description (last modified by nico)

portmap starts with userid 1
and lsof gives me this error ....

lsof: no pwd entry for UID 1
lsof: no pwd entry for UID 1
lsof: no pwd entry for UID 1
lsof: no pwd entry for UID 1
lsof: no pwd entry for UID 1
lsof: no pwd entry for UID 1
lsof: no pwd entry for UID 1
lsof: no pwd entry for UID 1
lsof: no pwd entry for UID 1
lsof: no pwd entry for UID 1

output from top

Mem: 11184K used, 18536K free, 0K shrd, 404K buff, 4624K cached
Load average: 0.00 0.03 0.08
  PID USER     STATUS   RSS  PPID %CPU %MEM COMMAND
 3073 root     R        400  3071  2.8  1.3 top
 3059 root     S        564  3058  0.0  1.8 ash
 3058 root     S        560  1720  0.0  1.8 dropbear
 3070 root     S        560  1720  0.0  1.8 dropbear
 2123 root     S        556     1  0.0  1.8 ntpd
 3071 root     S        504  3070  0.0  1.6 ash
  777 root     S        416     1  0.0  1.3 syslogd
  775 root     S        404     1  0.0  1.3 logger
    1 root     S        396     0  0.0  1.3 busybox
 1711 root     S        388     1  0.0  1.3 crond
 1727 nobody   S        384     1  0.0  1.2 dnsmasq
 1734 root     S        384     1  0.0  1.2 rpc.statd
  795 root     S        380     1  0.0  1.2 syslogd
  778 root     S        368     1  0.0  1.2 klogd
 1720 root     S        340     1  0.0  1.1 dropbear
  798 root     S        292     1  0.0  0.9 klogd
  806 root     S        264     1  0.0  0.8 hotplug2
 1612 1        S        264     1  0.0  0.8 portmap
 1750 root     S        212     1  0.0  0.7 rpc.mountd

Attachments (2)

as (1.6 KB) - added by puchu 10 years ago.
my ticket text as file …
portmap.diff (802 bytes) - added by puchu 10 years ago.
portmap nobody fix


Change History (15)

Changed 10 years ago by puchu

my ticket text as file ...

comment:1 Changed 10 years ago by florian

  • Resolution set to fixed
  • Status changed from new to closed

Fixed with [8635], thanks !

comment:2 Changed 10 years ago by anonymous

  • Resolution fixed deleted
  • Status changed from closed to reopened

should it be run as nobody instead of root?

comment:3 Changed 10 years ago by florian

  • Resolution set to fixed
  • Status changed from reopened to closed

I think portmap will by default use privileged port numbers, thus only allowing the root user to start it, thus my changeset. Any test/change is welcome, so feel free to test it and report back here with different uid numbers.

comment:4 Changed 10 years ago by anonymous

  • Resolution fixed deleted
  • Status changed from closed to reopened

$BIN -u 0 -g 0 $OPTIONS doesn't seem to start portmap for me .....

and I have here a 7458 or so release that starts portmap as dnsmasq user .... but I don't understand where it gets its options from because it is started with $BIN $OPTIONS in /etc/init.d/portmap

comment:5 Changed 10 years ago by florian

The options are read from the /etc/default/portmap file if existing. If not, it will start with uid and gid 0. I do not see the problem in starting portmap as root instead of nobody.

comment:6 Changed 10 years ago by anonymous

but it doesn't start with these options ....

portmap options are

usage: portmap [-dv] [-t path] [-i address]
-d: debugging mode
-t path: chroot into path
-v: verbose logging
-i address: bind to address

comment:7 Changed 10 years ago by anonymous

I upgraded it with [8650], now it can start with a good uid/gid.

comment:8 Changed 10 years ago by florian

  • Resolution set to fixed
  • Status changed from reopened to closed

comment:9 Changed 10 years ago by anonymous

  • Resolution fixed deleted
  • Status changed from closed to reopened

portmap: illegal uid: 0

this is the error portmap gives now ....

when I remove the -u 0 part I get...
portmap: illegal gid: 0

and portmap refuses to start

comment:10 Changed 10 years ago by nico

  • Description modified (diff)
  • Owner changed from developers to nico
  • Status changed from reopened to new

First, the lsof reporting is harmless and could have been easily fixed by adding the proper entry for the daemon user in /etc/passwd.

About running portmap as root, from $(BUILD_DIR)/portmap.c :

#ifdef DAEMON_UID
int daemon_uid = DAEMON_UID;
int daemon_gid = DAEMON_GID;
#else
int daemon_uid = 1;
int daemon_gid = 1;
#endif
...
while ((c = getopt(argc, argv, "Vdflt:vi:u:g:")) != EOF) {
  switch (c) {
  ...
  case 'u':
    daemon_uid = atoi(optarg);
    if (daemon_uid <= 0) {
      fprintf(stderr,
        "portmap: illegal uid: %s\n", optarg);
      exit(1);
    }
    ...

So portmap can't run as uid=0 (with -u 0) and still runs as uid=1 if -u is not specified. The default uid/gid (default to 1) can't be changed at compile-time by passing proper defines in CPPFLAGS.

Can someone check if portmap can run as nobody/nogroup (65534:65534) ?
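
An added example, not part of the ticket or of portmap's source: one way to parse a -u/-g value with the same "reject anything <= 0" rule as the excerpt above, using strtol so that input such as 12abc is refused instead of being read as 12 by atoi, followed by a privilege drop. The names parse_daemon_id and drop_privileges and the default 65534 in main are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE /* for setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Parse a -u/-g argument (hypothetical helper). Returns the id, or -1 when
 * the value has trailing junk, overflows, or is <= 0 (never root). */
long parse_daemon_id(const char *arg)
{
    char *end;
    long v;
    if (arg == NULL || *arg == '\0')
        return -1;
    errno = 0;
    v = strtol(arg, &end, 10);
    if (errno != 0 || *end != '\0' || v <= 0 || v > INT_MAX)
        return -1;
    return v;
}

/* Drop from root to uid/gid (hypothetical helper): supplementary groups,
 * then gid, then uid; finally confirm root cannot be regained. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0 || getuid() != uid || getgid() != gid)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    long uid = parse_daemon_id(argc > 1 ? argv[1] : "65534"); /* assumed default */
    long gid = parse_daemon_id(argc > 2 ? argv[2] : "65534");
    if (uid < 0 || gid < 0) {
        fprintf(stderr, "illegal uid/gid\n");
        return 1;
    }
    if (getuid() == 0 && drop_privileges((uid_t)uid, (gid_t)gid) != 0) {
        fprintf(stderr, "cannot drop privileges\n");
        return 1;
    }
    printf("running as uid=%ld gid=%ld\n", (long)getuid(), (long)getgid());
    return 0;
}
```
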

comment:11 Changed 10 years ago by puchu

yeah it will run as nobody....
I made a fix, this will start portmap as nobody ....
see attachment

Changed 10 years ago by puchu

portmap nobody fix

comment:12 Changed 10 years ago by florian

  • Resolution set to fixed
  • Status changed from new to closed

Applied in [8693], thanks !

comment:13 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted
