-p
    If given as the first command-line argument, no attempt will be made to bind the inherited file descriptor and innbind will only try creation of a new file descriptor and passing it back via standard output. This option is primarily useful for testing.
As innbind is normally installed setuid root, security is even more of an issue for it than for other parts of INN. It is a fairly short program, and if you understand C, you are encouraged to audit it yourself to be certain that it does only what it is supposed to do. The only INN library functions it uses are the vector functions, the message functions for error reporting, and xstrdup.
The ports that will be bound are restricted to prevent potential attacks made possible by the ability to bind low-numbered ports, such as exploits of the rsh(1) family of commands on some systems. If innbind is installed setuid root, it can only be executed by the news user to prevent other users on the system from being able to bind to even those few privileged ports that it allows.
innbind uses no external configuration files; the only files it might open are through the system getpwnam(3) service to get the UID of the news user. The only user input that it accepts are its command-line arguments.
innbind may log the following messages to syslog and print them to standard error.
cannot create socket for %s: %s
    (Fatal) innbind fell back on attempting to create a new socket to bind for the given argument, and the socket creation failed.

cannot bind socket for %s: %s
    (Fatal) Calling bind for the socket corresponding to the given argument failed with a system error. If the error indicates permission denied, make sure that innbind is setuid root. This can also be caused by trying to use IPv6 on a system whose kernel does not support it.

cannot bind to restricted port %hu in %s
    (Fatal) The port number portion of the given command-line argument is for a port below 1024 which is not 119, 433, 563, or a port given to --with-innd-port at configure time. Other ports are not allowed for security reasons.

cannot get socket options for file descriptor %d: %s
    (Fatal) innbind was unable to get the socket options for that file descriptor. The most likely cause of this error is passing the wrong file descriptor number to innbind (a file descriptor that isn't open, or that corresponds to a regular file rather than a network socket).

cannot get UID for %s
    (Fatal) innbind was unable to get the UID for the news user specified during configure (and defaulting to news). This normally means that user isn't in the system passwd file.

cannot mark socket reusable for %s: %s
    (Fatal) innbind created a new socket for the given argument but was unable to mark its bind address reusable (the SO_REUSEADDR socket option).

cannot pass file descriptor: %s
    (Fatal) innbind created and bound a new file descriptor but was unable to pass it back to its caller via its standard output, using the I_SENDFD STREAMS ioctl.

invalid file descriptor %d: not SOCK_STREAM
    (Fatal) The given file descriptor is not a SOCK_STREAM socket. innbind can only bind SOCK_STREAM sockets.

invalid IPv4 address %s in %s
    (Fatal) The IPv4 address specified in the given command-line option could not be parsed by inet_aton(3). IPv4 addresses should be specified in the standard dotted-quad format (10.2.3.4).

invalid IPv6 address %s in %s
    (Fatal) The IPv6 address specified in the given command-line option could not be parsed by inet_pton(3). IPv6 addresses should be specified in RFC 4291 format (1080:0:0:0:8:800:200C:417A or 1080::8:800:200C:417A).

invalid command-line argument %s
    (Fatal) The specified command-line argument could not be parsed or was not in the correct format.

invalid file descriptor %s in %s
    (Fatal) The file descriptor portion of the given command-line argument is not a non-negative integer.

invalid port number %s in %s
    (Fatal) The port number portion of the given command-line argument is not a non-negative integer.

invalid protocol family %s in %s
    (Fatal) The protocol family portion of the given command-line argument is not a non-negative integer. It should be equal to either AF_INET or AF_INET6 on the system where innbind is run.

must be run by user %s (%lu), not %lu
    (Fatal) When setuid root, innbind may only be run by the news user as specified at configure time (news by default), for security reasons.

no addresses specified
    (Fatal) No arguments were given on the command line (except maybe -p).

port may not be zero in %s
    (Fatal) The port number portion of the given command-line argument was zero.

unknown protocol family %s in %s
    (Fatal) The protocol number portion of the given command-line argument is neither AF_INET nor AF_INET6.
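The port restriction described in the security discussion above and the argument and descriptor checks behind the diagnostics just listed, written out as stand-alone C functions. This is an added example, not innbind's own source; INND_PORT is an assumption standing in for the value given to --with-innd-port at configure time.

```c
/* Added example, not innbind's own source: the argument and socket checks
 * that innbind's diagnostics describe, as stand-alone functions.
 * INND_PORT stands in for the value given to --with-innd-port. */
#define _DEFAULT_SOURCE
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

#define INND_PORT 119   /* assumption: the configure-time default */

/* A port below 1024 is allowed only if it is 119, 433, 563 or INND_PORT;
 * port 0 is never allowed ("port may not be zero"). */
int port_allowed(unsigned short port)
{
    if (port == 0)
        return 0;
    if (port >= 1024)
        return 1;
    return port == 119 || port == 433 || port == 563 || port == INND_PORT;
}

/* Parse an address as the diagnostics say innbind does: inet_aton(3) for
 * AF_INET, inet_pton(3) for AF_INET6.  Returns 1 on success, 0 if the text
 * does not parse, -1 if the family is neither ("unknown protocol family"). */
int parse_address(int family, const char *text)
{
    struct in_addr v4;
    struct in6_addr v6;

    if (family == AF_INET)
        return inet_aton(text, &v4) != 0;
    if (family == AF_INET6)
        return inet_pton(AF_INET6, text, &v6) == 1;
    return -1;
}

/* Check an inherited descriptor the way innbind does before binding it:
 * 1 if it is a SOCK_STREAM socket, 0 if it is another socket type, -1 if
 * getsockopt(2) fails (not open, or a regular file rather than a socket). */
int fd_is_stream_socket(int fd)
{
    int type;
    socklen_t len = sizeof(type);

    if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &len) < 0)
        return -1;
    return type == SOCK_STREAM;
}
```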
As mentioned above, innbind is never run directly, only by innd and other programs that need to bind to and listen to network ports. Sample invocations by innd would be:
to bind the IPv6 socket on file descriptor 3 to port 119, all addresses, or:
to bind the IPv4 socket on file descriptor 6 to port 433 in the address 10.0.0.3.
Written by Russ Allbery <email@example.com> for InterNetNews.
$Id: innbind.pod 9767 2014-12-07 21:13:43Z iulius $
inet_aton(3), inet_pton(3), innd(8), nnrpd(8).
|INN 2.6.0||INNBIND (8)||2015-09-12|