git-history.diyao.me Git - systemd/.git/commit

author	networkException <git@nwex.de>
	Thu, 4 Jan 2024 17:45:25 +0000 (18:45 +0100)
committer	Yu Watanabe <watanabe.yu+github@gmail.com>
	Fri, 5 Jan 2024 23:27:14 +0000 (08:27 +0900)
commit	dcfac3a3f9d9a32bdb5679cd6dab4bb86a6cd6fe
tree	81c7237d7e0419219ee16308a9f48a8dd395255e	tree \| snapshot
parent	9807ee19b077112819e96b62b6835453696362d7	commit \| diff

parse-helpers: allow port 0 for socket bind items

This patch adds a new parameter to parse_ip_port_range, giving callers
the option to allow ranges to have their min be 0 instead of 1.

This is then used by parse_ip_ports_token, intern used by
parse_socket_bind_item to allow port 0 when restricting bind system
calls with SocketBindDeny / SocketBindAllow.

With this, users running server software written using the golang
standard library will be able to effectively sandbox their software,
albeit with a small loss in security protections by allowing the
process to bind on a random port in the
/proc/sys/net/ipv4/ip_local_port_range.

src/basic/parse-util.c		diff \| blob \| history
src/basic/parse-util.h		diff \| blob \| history
src/network/netdev/vxlan.c		diff \| blob \| history
src/network/networkd-routing-policy-rule.c		diff \| blob \| history
src/shared/parse-helpers.c		diff \| blob \| history
src/test/test-parse-helpers.c		diff \| blob \| history