On Tue, 13 Oct 2009 12:56:29 -0500 Robert Gordon <rbg@xxxxxxxxxxx> wrote: > > I noticed that the insecure option validates that the client port is a > subset of IPPORT_RESERVED as opposed to just validating it is a valid > reserved port. The following proposed patch would correct that issue. > Would anyone care to comment ? .. > > # diff utils/mountd/auth.c utils/mountd/auth.c.orig > 171a172 > > (ntohs(caller->sin_port) < IPPORT_RESERVED/2 || > Ack on the idea, but you should probably send that patch as a unified diff... The only thing I can figure is that someone wanted to verify that the call came from the ephemeral port range. But that's somewhat of a nebulous concept when you mix in clients from other OS's... I don't see any reason why we'd care that the calling port is "too" low. -- Jeff Layton <jlayton@xxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
