[Webkit-unassigned] [Bug 14538] Network port blocking breaks internet banking on major Estonian bank

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun May 22 02:08:54 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=14538


Terje Bless <link at pobox.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |link at pobox.com




--- Comment #9 from Terje Bless <link at pobox.com>  2011-05-22 02:08:54 PST ---
(In reply to comment #6)
> AFAIK, the only substanative change to the port blocking mechanism that shipped in Safari 5 was the addition of ports 6665-6669 to the blacklist.  Does the bank use one of these...?

*sigh* I just ran into this while setting up ZNC, an IRC proxy/bouncer. It is desireable to set it up to listen on port TCP/6667—the common port for IRC serveres—so that IRC clients can mostly use the default provided port number; but ZNC also provides a web-based administration interface on the same port (i.e. https://znchost.example.com:6667/). And, as you note, Safari 5 now cannot connect to this port.

You cannot in general prevent arbitrary port numbers. Even the ports registered with IANA for a protocol are only the “well-known” port numbers; there is no general requirement that a service listen only on those ports. There are also about a million different use cases for running services on arbitrary ports; the above being a case in point, a per-user service (which means either the IP or port has to be unique) where the well-known port is not available (normal users cannot bind() to ports TCP/80,443).

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.


More information about the webkit-unassigned mailing list