View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0007952Kali LinuxKali Package Improvementpublic2022-09-25 16:422022-12-20 01:32
Reporterfob Assigned Tosbrun  
PrioritynormalSeveritytweakReproducibilityalways
Status resolvedResolutionfixed 
Product Versionkali-dev 
Fixed in Versionkali-dev 
Summary0007952: Improper patching of restricted ports
Description

Hi,

I was surprised to notice that regular users can open restricted ports (<1024). Tracking the change, I could not locate a change to the "ip_unprivileged_port_start" kernel parameter in /etc/sysctl.* I then noticed this was announced in https://www.kali.org/blog/kali-linux-2021-2-release/#disabled-privileged-ports as a kernel patch. This change is implemented in https://gitlab.com/kalilinux/packages/linux/-/commit/1cddddf656ab251cc72fdc1c4e1706db86a5150b

The use of a kernel patch rather than using a sysctl parameter is questionable. Kernel patches should be last resort changes when there are no other ways to fix an issue. They are intrusive.

I suggest that this change (no privileged ports) that the Kali project decided to make be done using sysctl parameters rather than a kernel patch.

Activities

g0tmi1k

g0tmi1k

2022-10-06 13:21

administrator   ~0016936

Hi @fob,

Thanks for the suggestion - this is something we will deff look into!
arnaudr

arnaudr

2022-12-20 01:32

manager   ~0017260

Heya, this is now done!

  1. The patch was removed in source package linux 6.0.10-2kali.
  2. We now have default sysctl settings (provided by package kali-defaults) in /usr/lib/sysctl.d/ to disable restricted ports by default.
  3. There's also an entry in the tool kali-tweaks to re-enable restricted port if required.

Closing. Thanks again for the report!

Issue History

Date Modified Username Field Change
2022-09-25 16:42 fob New Issue
2022-09-26 08:03 daniruiz Assigned To => sbrun
2022-09-26 08:03 daniruiz Status new => assigned
2022-10-06 13:21 g0tmi1k Note Added: 0016936
2022-12-20 01:32 arnaudr Note Added: 0017260
2022-12-20 01:32 arnaudr Status assigned => resolved
2022-12-20 01:32 arnaudr Resolution open => fixed
2022-12-20 01:32 arnaudr Fixed in Version => kali-dev