Mailinglist Archive: opensuse-security (320 mails)

< Previous Next >
Re: [suse-security] Port 33270 and Trinity
  • From: Paul Kozlenko <pkozlenko@xxxxxxxxxx>
  • Date: Wed, 7 May 2003 22:41:06 -0400
  • Message-id: <200305072241.06205.pkozlenko@xxxxxxxxxx>
On Wednesday 07 May 2003 22:31, Paul Kozlenko wrote:
> On Wednesday 07 May 2003 18:58, GertJan Spoelman wrote:
> > On Thursday 08 May 2003 00:12, Paul Kozlenko wrote:
> > > FWIW
> > > netstat -patn|grep 33270
> > > gives me:
> > >
> > > Proto Recv-Q Send-Q Local Address Foreign Address State
> > > PID/Program name
> > > tcp 0 0 0.0.0.0:33270 0.0.0.0:*
> > > LISTEN -
> > > (I added the headers in for clarity)
> >
> > You're probably running a kernel which has the fix for the ptrace hole.
> > The downside of that fix was that even root doesn't seem to have the
> > right to show the information for all processes anymore, for example if I
> > look at nfs which uses port 2049 I see the same, there is no PID or
> > Program name shown for that port.
> > On my systems I also see such lines for high ports, I don't know which
> > process uses them, but you should be able to find that out by shutting
> > them down one by one and watch when that port disappears.
> > --
> >
> > GertJan
> >
> > Email address is invalid, so don't reply directly, I'm on the list.
>
> My kernel version is Linux version 2.4.19-4GB (SuSE 8.1 Professional)
> How do I find out if this has the "ptrace hole" fix?
>
> - Paul

More info (... reminder to self, always check log files ....)

/var/log/warn contains a line:
May 7 22:00:07 machinename kernel: lockd: connect from unprivileged port:
172.20.43.21:52353

For each attempted connect.
This is a good thing that this is detected. YES?
Does it mean that I am safe though?

- Paul


< Previous Next >