getpwnam
Doug Hardie
bc979 at lafn.org
Thu Feb 25 21:07:38 UTC 2010
I encountered a situation where sendmail was opening up what appeared to be listening on random UDP ports. In the process of tracking this down I discovered that the culprit is getpwnam. A ktrace of the following simple program show whats happening:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <pwd.h>
int main (int argc, char *argv[])
{
struct passwd *pe;
pe = getpwnam ("xxx");
}
Note, xxx is a valid user id in that system.
The ktrace output is way too large to include here, but below is the interesting portion. Note that it creates a socket with address of 0.0.0.0:932 and then sends data to it. Somehow it gets a response although I can find nothing other than this program using that port. I would think that it would use a unix socket rather than UDP to access local NIS information. The "unknown address family" error is also puzzling. I have traced this into _nsdispatch but it gets a bit convoluted at that point with all the caching. What is this doing?
87443 test CALL socket(PF_INET,SOCK_DGRAM,IPPROTO_UDP)
87443 test RET socket 4
87443 test CALL getsockname(0x4,0xbfbfe16c,0xbfbfe1f0)
87443 test STRU struct sockaddr { AF_INET, 0.0.0.0:0 }
87443 test RET getsockname 0
87443 test CALL getsockopt(0x4,0,0x13,0xbfbfe1f8,0xbfbfe1ec)
87443 test RET getsockopt 0
87443 test CALL setsockopt(0x4,0,0x13,0xbfbfe1f4,0x4)
87443 test RET setsockopt 0
87443 test CALL bind(0x4,0xbfbfe16c,0x10)
87443 test STRU struct sockaddr { AF_INET, 0.0.0.0:0 }
87443 test RET bind 0
87443 test CALL getsockname(0x4,0xbfbfe144,0xbfbfe1c8)
87443 test STRU struct sockaddr { AF_INET, 0.0.0.0:932 }
87443 test RET getsockname 0
87443 test CALL getsockopt(0x4,SOL_SOCKET,SO_TYPE,0xbfbfe1c4,0xbfbfe1c8)
87443 test RET getsockopt 0
87443 test CALL getrlimit(RLIMIT_NOFILE,0xbfbfe0f4)
87443 test RET getrlimit 0
87443 test CALL getsockname(0x4,0xbfbfe074,0xbfbfe0f8)
87443 test STRU struct sockaddr { AF_INET, 0.0.0.0:932 }
87443 test RET getsockname 0
87443 test CALL getsockopt(0x4,SOL_SOCKET,SO_TYPE,0xbfbfe0f4,0xbfbfe0f8)
87443 test RET getsockopt 0
87443 test CALL gettimeofday(0xbfbfe1c0,0)
87443 test RET gettimeofday 0
87443 test CALL getpid
87443 test RET getpid 87443/0x15593
87443 test CALL ioctl(0x4,FIONBIO,0xbfbfe1c8)
87443 test RET ioctl 0
87443 test CALL fcntl(0x4,F_SETFD,FD_CLOEXEC)
87443 test RET fcntl 0
87443 test CALL bind(0x4,0xbfbfe700,0x10)
87443 test STRU struct sockaddr { AF_UNSPEC, unknown address family }
87443 test RET bind -1 errno 22 Invalid argument
87443 test CALL getsockname(0x4,0xbfbfe700,0xbfbfe740)
87443 test STRU struct sockaddr { AF_INET, 0.0.0.0:932 }
87443 test RET getsockname 0
87443 test CALL gettimeofday(0xbfbfe740,0)
87443 test RET gettimeofday 0
87443 test CALL kqueue
87443 test RET kqueue 5
87443 test CALL sendto(0x4,0x282359f4,0x48,0,0x28235008,0x10)
87443 test GIO fd 4 wrote 72 bytes
0x0000 4b8e 2491 0000 0000 0000 0002 0001 86a4 |K.$.............|
0x0010 0000 0002 0000 000a 0000 0000 0000 0000 |................|
0x0020 0000 0000 0000 0000 0000 0004 7465 7374 |............test|
0x0030 0000 0014 6d61 7374 6572 2e70 6173 7377 |....master.passw|
0x0040 642e 6279 6e61 6d65 |d.byname|
87443 test RET sendto 72/0x48
87443 test CALL kevent(0x5,0x282350dc,0x1,0xbfbfe6fc,0x1,0xbfbfe730)
87443 test GIO fd 5 wrote 20 bytes
0x0000 0400 0000 ffff 0100 0000 0000 0000 0000 |................|
0x0010 0000 0000 |....|
87443 test GIO fd 5 read 20 bytes
0x0000 0400 0000 ffff 0000 0000 0000 2000 0000 |............ ...|
0x0010 0000 0000 |....|
87443 test RET kevent 1
87443 test CALL recvfrom(0x4,0x282350f4,0x900,0,0,0)
87443 test GIO fd 4 read 32 bytes
0x0000 4b8e 2491 0000 0001 0000 0000 0000 0000 |K.$.............|
0x0010 0000 0000 0000 0000 0000 0001 4a3f f709 |............J?..|
87443 test STRU struct sockaddr { AF_INET, 206.117.18.7:876 }
87443 test RET recvfrom 32/0x20
87443 test CALL close(0x5)
87443 test RET close 0
More information about the freebsd-questions
mailing list