Treat ports below 512 as reserved ports.

Though applications trying to bind a reserved port normally look in
the range 512-1024 (because below there is very dense with well known
ports), all ports 1-1024 are reserved in that only root can bind to them.
So when checking if a port is 'reserved' we should allow it anywhere in
the full range.

This allows sunrpc.minresvport to be set low and portmap will still
allow mappings made by the kernel.

The status of 0 as a reserved port is doubtful, but
check_privileged_port will never be called with a 0, so it doesn't
matter.

diff --git a/pmap_check.c b/pmap_check.c
index 443a82291985cdb2c899f3314bca34970db4302d..6b3e4909c1c2da8194eb060dab6c46b2d2dcd7f1 100644 (file)
--- a/pmap_check.c
+++ b/pmap_check.c
@@ -71,7 +71,7 @@ int     deny_severity __attribute ((visibility ("hidden"))) = LOG_WARNING;
 
 /* A handful of macros for "readability". */
 
-#define reserved_port(p) (IPPORT_RESERVED/2 < (p) && (p) < IPPORT_RESERVED)
+#define reserved_port(p) ((p) < IPPORT_RESERVED)
 
 #define unreserved_port(p) (IPPORT_RESERVED <= (p) && (p) != NFS_PORT)