Forum: Ruby-core Ruby resolver not using autoport

unknown (Guest)
on 2014-08-31 09:23
(Received via mailing list)
Issue #9544 has been updated by Usaku NAKAMURA.

Backport changed from 2.0.0: REQUIRED, 2.1: DONE to 2.0.0: DONE, 2.1: DONE

Backported into `ruby_2_0_0` at r47335.

----------------------------------------
Bug #9544: Ruby resolver not using autoport
https://bugs.ruby-lang.org/issues/9544#change-48584

* Author: Jakub Szafranski
* Status: Closed
* Priority: Normal
* Assignee:
* Category: core
* Target version: current: 2.2.0
* ruby -v: ruby 2.1.0p0 (2013-12-25 revision 44422) [x86_64-freebsd9.1]
* Backport: 2.0.0: DONE, 2.1: DONE
----------------------------------------
### Problem

On one of my production servers I've noticed that customers were failing
to install anything using gem and the latest Ruby. After a bit of
debugging we found out that it's related to the Ruby resolv module:

<pre>
> p Resolv.getaddress "google.com"
Errno::EPERM: Operation not permitted - bind(2) for "0.0.0.0" port 62374
        from /home/pudlobe/.rvm/rubies/ruby-2.1.0/lib/ruby/2.1.0/resolv.rb:654:in `bind'
        from /home/pudlobe/.rvm/rubies/ruby-2.1.0/lib/ruby/2.1.0/resolv.rb:654:in `bind_random_port'
        from /home/pudlobe/.rvm/rubies/ruby-2.1.0/lib/ruby/2.1.0/resolv.rb:747:in `block in initialize'
        from /home/pudlobe/.rvm/rubies/ruby-2.1.0/lib/ruby/2.1.0/resolv.rb:735:in `each'
        ...
</pre>

The interesting part is the _bind_random_port_ function. What for? The
standard way of binding to a random port for a UDP connection is to use
port 0. And on that particular machine it fails because it's using the
mac_portacl module to filter which user can bind to which ports.
**However, port 0 is excepted from this rule, because it's the
AUTOPORT** - practically every system that allows such port filtering
also allows setting an exception for the autoport.

### Docs

<pre>
Purpose:

Port 0 is officially a reserved port in TCP/IP networking, meaning that
it should not be used for any TCP or UDP network communications.
However, port 0 sometimes takes on a special meaning in network
programming, particularly Unix socket programming. In that environment,
port 0 is a programming technique for specifying system-allocated
(dynamic) ports.
Description:

Configuring a new socket connection requires assigning a TCP or UDP port
number. Instead of hard-coding a particular port number, or writing code
that searches for an available port on the local system, network
programmers can instead specify port 0 as a connection parameter. That
triggers the operating system to automatically search for and return the
next available port in the dynamic port number range.
</pre>

### Impact

This bug affects every system that has a restricted port-binding policy,
making ruby unavailable for security-freak admins ;)

### Suggested fix

Either use port 0 to bind to the port, or at least make an option for
the system admin/end user to specify the port by himself.
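The two binding strategies the report contrasts, as an added Ruby example that is not code from resolv.rb or from the reporter: an application-chosen random ephemeral port in the style of `bind_random_port`, beside the port-0 AUTOPORT bind the report proposes, plus a combination that falls back to port 0 only when the explicit bind is refused. It assumes binding on loopback is permitted and that a port-binding policy refusal surfaces as `Errno::EPERM`, as in the trace above.

```ruby
# Added illustration, not Ruby's resolv.rb: the two ways of picking a UDP
# source port discussed in the report, and a policy-tolerant combination.
require "socket"

EPHEMERAL_PORTS = (1024..65535)

# bind_random_port style: the application picks a random port in the
# ephemeral range and retries on collisions. A port-binding policy refusal
# (Errno::EPERM in the report) is deliberately NOT rescued here.
def bind_random_port(host = "127.0.0.1", attempts: 50)
  attempts.times do
    sock = UDPSocket.new
    begin
      sock.bind(host, rand(EPHEMERAL_PORTS))
      return sock
    rescue Errno::EADDRINUSE
      sock.close
    end
  end
  raise "no free port in #{EPHEMERAL_PORTS} after #{attempts} attempts"
end

# AUTOPORT style: bind port 0 and let the kernel assign a free dynamic port.
def bind_autoport(host = "127.0.0.1")
  sock = UDPSocket.new
  sock.bind(host, 0)
  sock
end

# Combination: prefer an application-chosen random port, fall back to port 0
# only when the system's policy (e.g. mac_portacl) forbids the explicit bind.
# Trade-off: on the fallback path, source-port randomization is whatever the
# kernel's dynamic-port allocator provides, not the application's own choice.
def bind_udp_source(host = "127.0.0.1")
  bind_random_port(host)
rescue Errno::EPERM
  bind_autoport(host)
end

# The port actually bound, read back from the socket (never 0 after bind).
def bound_port(sock)
  sock.local_address.ip_port
end

if $PROGRAM_NAME == __FILE__
  sock = bind_udp_source
  puts "bound UDP source port #{bound_port(sock)}"
  sock.close
end
```

Reading the port back with `bound_port` is the check a resolver needs either way, since after a port-0 bind the real port is only known from the socket.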