Issue 4039: Allow binding privileged ports or creating raw sockets
76 people starred this issue and may be notified of changes.
Status:  New
Owner:  ----
Reported by tdh...@gmail.com, Sep 28, 2009
Currently in all Linux systems you need to be root to bind to ports lower
than 1024, and to create raw sockets. A number of people have asked how to
get around these limitations.

I don't think there are any reasons why these restrictions are in place in
Android (other than that they are the default in Linux and no-one has
changed them). I believe they are mainly designed for servers that give
untrusted users shell accounts - you don't want those users running web or
FTP servers left, right and centre. However, as Android phones are
single-user, this isn't an issue.

An ideal solution would be the following: If an app has the 'internet' (or
perhaps a new 'advanced_internet') permission then it is granted
CAP_NET_BIND_SERVICE and CAP_NET_RAW using the cap_set_proc() syscall. This
will also require the launcher process to have the CAP_SETPCAP capability.
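As an added example (not code from this issue, from Android, or from any commenter), the small Linux program below checks whether the calling process holds CAP_NET_BIND_SERVICE and CAP_NET_RAW, the two capabilities the proposal above would grant (and the first of which #53 later argues for on its own), and then shows what bind() answers for port 80 next to port 8080. It assumes a Linux /proc and deliberately avoids linking libcap.

```c
/* Added example (not from the issue thread): report whether this process
 * holds the two capabilities the report names, then show what bind() says
 * for a privileged port versus an unprivileged one. Reads /proc/self/status
 * rather than linking libcap; numbers are from <linux/capability.h>. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define CAP_NET_BIND_SERVICE 10   /* bind to ports below 1024 */
#define CAP_NET_RAW          13   /* create raw and packet sockets */

/* Given a "CapEff:\t<hex mask>" line as found in /proc/self/status,
 * return 1 if capability number `cap` is set in the mask, else 0. */
int cap_in_mask_line(const char *line, int cap)
{
    const char *p = strchr(line, ':');
    if (!p) return 0;
    unsigned long long mask = strtoull(p + 1, NULL, 16);
    return (int)((mask >> cap) & 1ULL);
}

/* Look up `cap` in this process's effective set; 0 if it cannot be read. */
int have_effective_cap(int cap)
{
    char line[256];
    int found = 0;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return 0;
    while (fgets(line, sizeof line, f))
        if (strncmp(line, "CapEff:", 7) == 0) { found = cap_in_mask_line(line, cap); break; }
    fclose(f);
    return found;
}

/* Bind a TCP socket to 127.0.0.1:port; return 0 on success or the errno
 * bind() set. EACCES is the privileged-port refusal the thread is about. */
int try_bind_port(unsigned short port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return errno;
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int rc = bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ? errno : 0;
    close(fd);
    return rc;
}

int main(void)
{
    printf("CAP_NET_BIND_SERVICE: %d  CAP_NET_RAW: %d\n",
           have_effective_cap(CAP_NET_BIND_SERVICE), have_effective_cap(CAP_NET_RAW));
    int e80 = try_bind_port(80), e8080 = try_bind_port(8080);
    printf("bind(80) -> %s\nbind(8080) -> %s\n",
           e80 ? strerror(e80) : "ok", e8080 ? strerror(e8080) : "ok");
    return 0;
}
```

On kernels from 4.11 onward the privileged-port threshold is the sysctl net.ipv4.ip_unprivileged_port_start, so bind(80) can succeed without the capability on a host where an administrator has lowered it.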
Oct 2, 2009
#1 jbq+legacy@google.com
(No comment was entered for this change.)
Labels: Component-System
Oct 5, 2009
#2 andr...@tastemycity.com
Android isn't actually single-user. Each application gets its own user account.

As for the restriction on ports <= 1024, this still makes sense since you really
don't need to be running web and FTP servers for anything besides strictly personal
uses, in which case you wouldn't need to worry about user's assuming that a
particular service is on a particular well-known port. In other words, since you are
the only one who might potentially want to access your 'droid in that manner, you can
simply plug in the port desired.

Also: consider that there may be, in fact, services listening on ports <= 1024. These
services would be system services that must be considered as having priority higher
than a user app and thus must be protected.
Oct 5, 2009
#3 tdh...@gmail.com
While it is true that each application gets its own user account, the apps are not
actually as untrusted as a real user would be (for example you can grant them access
to modify your files etc. - you'd never do that with a real user).

In many cases you *could* just force the user to know the port, but there are
some cases where you can't. Besides, it is an extra complication that degrades the
user experience.

Any system services should start before the user applications so I strongly doubt
that is a problem. And as I said before, you have complete control over which apps
run, so if some try to listen on silly ports then you can just remove them.
Jan 14, 2010
#4 patrick....@gmail.com
This is a frustrating issue.  I understand the security implications, but this
effectively limits the capabilities of my phone.  There are many services that cannot
be explicitly adapted to custom ports.  Google should offer a "Network Services" or
"Root" permission of some kind to allow this.  If you bought your phone... you should
have root privileges.
Jan 21, 2010
#5 tlieb...@gmail.com
I disagree with the idea that user apps should not be allowed to bind to ports < 1024
on the principle that users will have knowledge of the port.   Yes, one would not
host a public web server on an Android device, but one very well might desire to host 
a web server on their own Wi-Fi network from their Android phone to access their 
files and media.  I have written an app, WebSharing [Lite] which does exactly this.

My app of course has to run on a port >= 1024, and users must enter that port number 
in the URL to access it, e.g., they might have to enter 192.168.1.101:2112.  In my 
opinion, there is a bit too much punctuation in that URL.  Making things worse, users 
of Internet Explorer (who are statistically likely to be the least computer savvy), 
must also enter in the "http://" portion of the URL.  If an IE user enters only
"192.168.1.101:2112" the browser will simply hang indefinitely.  If they enter a 
trailing slash they'll get a nonsense error message indicating "The webpage cannot be 
displayed; Most likely cause: Some content or files on this webpage require a program 
that you don't have installed."

I've added a feature to the app to let users e-mail the login info to themselves.   
The problem is also worked around with documentation.  I may eventually add an option 
to feed URLs through a shortener as well, but then we add the requirement of internet 
access for the system to work.  

But in the end, it'd be a heck of a lot cleaner and easier to just say, "type 
192.168.1.101 in your browser to connect".  I don't think I'm the only app that 
suffers from this limitation.

It'd be wonderful to have an API to request that low ports (e.g. 80 :D) be forwarded 
to higher ports for the duration of a Service's operation.
May 3, 2010
#6 debiltel...@googlemail.com
I would also like to get access to raw sockets: I want to use Android phones with a
small utility to install networked industrial devices which require initial setup
using a special data link layer Ethernet II frame protocol.
Sep 11, 2010
#7 angelaca...@gmail.com
I would like to do my own implementation of a ping function through JNI but I can't use raw sockets.
Sep 11, 2010
#8 antoniov...@gmail.com
I'm also interested in using RAW sockets in Android. It would be nice to add an advanced internet permission. As angelacabanelasestevez said, I also want to use RAW sockets through JNI.
Sep 11, 2010
#9 hackersm...@gmail.com
I think that giving unrestricted access to raw sockets or ports under 1024 is crazy because of security, but creating a special permission for accessing these features is something reasonable and AFAIK not so difficult to implement, am I wrong? From my point of view this should be a feature request instead of a bugfix.
Sep 12, 2010
Project Member #10 e...@google.com
Issue 11164 has been merged into this issue.
Sep 24, 2010
#11 rpburkho...@gmail.com
Without access to raw sockets, one is not able to access the basics of ICMP in order to implement network utilities such as traceroute.  Pings work on the .isReachable call, but other useful information is available when you can figure out what the IP addresses are along the way.  Traceroute is a key networking utility, which is not currently available, as far as I can tell.
Sep 24, 2010
#12 antoniov...@gmail.com
AFAIK .isReachable is not a full ping. Java can't access root permissions and that's why it can't do a "standard ICMP_ECHO ping"; instead, Java checks if the ICMP ping system call is available and when it finds that it is not running as root it tries to open a TCP socket on port 7.
Nov 22, 2010
#13 charlesc...@gmail.com
I would like to add my reasoning for Google to open up ports lower than 1024 (with a new permission, of course).  Suppose I have a malicious app, I can do the same kind of damage to your phone whether I use port 5000 or port 500.  So restricting lower port numbers does not really improve security.

I am trying to implement a well known service on the phone, I can't do this without accessing the pre-defined port number.  

I am going to implement this service on the iPhone first until google adds this new feature.


Nov 22, 2010
#14 zwzser...@gmail.com
>>13
I don't think you can make such a huge company change their attitude. If you really want to make the app work, use root. Dumb people without the root access do not need web services anyway.
Nov 22, 2010
#15 tdh...@gmail.com
zwzserver: You may not need web services, but many people do and they shouldn't need to have root.
Nov 22, 2010
#16 zwzser...@gmail.com
You have completely misunderstood my message. I consider myself an advanced user and I do want those services. That's why I'm subscribed to this issue anyway. Do not put your anger for Google's fault against me!
Root is always a workaround. If you want to make exceptional stuff work, use it.
Nov 22, 2010
#17 tdh...@gmail.com
zwzserver: Hmm I thought when you said "Dumb people without the root access do not need web services anyway" you meant that we don't need non-root access to low ports because only advanced users need that access and they will have root anyway.

Anyway, I agree, I'm not holding my breath for this to be fixed, given how many other near-one-liner fixes haven't been done!
Nov 22, 2010
#18 antoniov...@gmail.com
I don't think root is the final solution... just a fix... Even if you rooted your phone you can't let a library be root to integrate your code through JNI... The only possibility is using an executable, and extracting and changing permissions on a file is not a good patch...
Nov 22, 2010
#19 charlesc...@gmail.com
There is a FACTORY_TEST permission; according to the Android documentation, it allows an app to "Run as a manufacturer test application, running as the root user".  I tried it, but no luck; maybe you need to modify other things too?  Has any of you guys tried this?

Thanks

Rooting the phone is not an option for me; I intend to share my app with my friends, I can't ask them to root their phones.
Nov 22, 2010
#20 zwzser...@gmail.com
>>19
Well, I guess it could be understood differently... 

But back to the point: What service would it be to require low ports and to be usable by those "unwilling" friends? I originally wanted to run an http server along with WIFI tether app which already needs root. I can't see any other method of making the service useful for your friends as the phones are behind NAT and cannot act as regular servers.
Nov 22, 2010
#21 tdh...@gmail.com
Wifi tethering doesn't require root on 2.2.

True, on 3G pretty much everyone is behind NAT, but I think most uses for low ports are local Wi-Fi services. E.g. running a CIFS server so you can drag/drop files to your phone.
Nov 22, 2010
#22 charlesc...@gmail.com
tdhutt, this is exactly what I want to do, an SMB service (CIFS is the older version) so that you can treat your phone as another computer, map a drive from your home PC or Mac to your phone SD drive over your home wifi, without using any cable.  This does not require any installation of software on the PC or Mac.

Right now, each time I want to copy a file from my phone to my computer, I need to hook up the USB cable.  I have another app that records my GPS location as I take pictures, so that I can geotag my pictures later on a PC, so I need to copy the recorded route file quite often.  There are file copy utilities using Bluetooth, there are also SMB clients implemented on the phone, but I don't want to do drag and drop on my phone's small screen, I want to do it on a PC or Mac with the mouse and a big monitor.  I'd love to implement the SMB protocol server side, on the phone.
Oct 6, 2011
#23 marjorly...@gmail.com
@#9
> giving unrestricted access to raw sockets or ports under 1024 is crazy because of security

Giving any app unrestricted access to the interweb is CRAZY.

@#2
> you really don't need to be running web and FTP servers for anything besides strictly personal uses

The wise user will be employing one or more flavors of adblocking.  To avoid the horror of broken images the user will run a lightweight web server to answer with an empty document or a transparent PNG.

AdAway now offers this eDexter-style final solution for ads:

https://code.google.com/p/ad-away/

All adware is malware!  If the app is really free there would be no cost to using it.  Rendering ads is a cost too high: trading on user privacy.

@#21
> on 3g pretty much everyone is behind nat

Not everyone, it seems.  There are some interesting write-ups on the topic.

@#22
> each time I want to copy a file from my phone to my computer, I need to hook up the USB cable

Or sync directories via Box, Dropbox, S3, sftp/ftps?
Oct 6, 2011
#24 tdh...@gmail.com
To give a concrete usage example, there is a samba app on the market which currently needs root to work. If this bug were fixed it would not:

https://market.android.com/details?id=com.funkyfresh.samba
Dec 14, 2011
#25 badweath...@gmail.com
I vote for allowing access to ports <1024

Needing it for applications that support connecting to other ports is pithy, but there are plenty of services that are designed to work with a specific port out of the box with no configuration option to change it. 

Also, some hardware uses specific ports. For example, 161 and 162 for SNMP.
Dec 14, 2011
#26 impati...@gmail.com
...or sunrpc's portmapper...
Jan 13, 2012
#27 eldridge...@gmail.com
I would also like to see a method by which apps can use ports <1024.

I'm writing an app where I'd like to be able to broadcast Wake On Lan packets and need access to ports 7 and 9.
Jan 13, 2012
#28 tdh...@gmail.com
@eldridge Actually you're in luck, because it doesn't really matter what port WoL packets are sent to (as long as they get to the target computer).

7 and 9 are commonly used because they are the ports for echo (copy all packets back to sender) and discard (simply drop packets). However nobody in the world still runs echo or discard servers.

You can use any random port.
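To make #28's point concrete, here is an added example (not code from the thread or from any commenter): it builds a Wake-on-LAN magic packet and broadcasts it on a caller-chosen UDP port, showing that the port is a free parameter because the target NIC matches the payload, not the port. The MAC address in main() is a constructed sample.

```c
/* Added example (not from the thread): a Wake-on-LAN "magic packet" is six
 * 0xFF bytes followed by the target MAC address repeated 16 times, carried
 * in any UDP datagram. The NIC matches that payload pattern and ignores the
 * port, which is why comment #28 says port 7 or 9 is convention, not need. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define MAGIC_LEN 102   /* 6 sync bytes + 16 copies of a 6-byte MAC */

/* Parse "aa:bb:cc:dd:ee:ff" into six bytes; 1 on success, 0 on bad input. */
int parse_mac(const char *s, unsigned char mac[6])
{
    unsigned int b[6];
    if (sscanf(s, "%2x:%2x:%2x:%2x:%2x:%2x",
               &b[0], &b[1], &b[2], &b[3], &b[4], &b[5]) != 6)
        return 0;
    for (int i = 0; i < 6; i++) mac[i] = (unsigned char)b[i];
    return 1;
}

/* Write the magic packet for `mac` into `out` (MAGIC_LEN bytes available)
 * and return its length. */
int build_magic_packet(const unsigned char mac[6], unsigned char *out)
{
    memset(out, 0xFF, 6);
    for (int i = 0; i < 16; i++)
        memcpy(out + 6 + i * 6, mac, 6);
    return MAGIC_LEN;
}

/* Broadcast `pkt` to UDP `port` on the local subnet. No privilege is needed
 * on the sending side for any port value. Returns 0 on success, -1 on error. */
int send_magic_packet(const unsigned char *pkt, int len, unsigned short port)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    int on = 1;
    setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &on, sizeof on);
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(INADDR_BROADCAST);
    int rc = sendto(fd, pkt, len, 0, (struct sockaddr *)&sa, sizeof sa) == len ? 0 : -1;
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    unsigned char mac[6], pkt[MAGIC_LEN];
    /* Constructed sample MAC; pass a real one as argv[1], optional port as argv[2]. */
    const char *target = argc > 1 ? argv[1] : "00:11:22:33:44:55";
    unsigned short port = argc > 2 ? (unsigned short)atoi(argv[2]) : 9;
    if (!parse_mac(target, mac)) { fprintf(stderr, "bad MAC address\n"); return 1; }
    int len = build_magic_packet(mac, pkt);
    return send_magic_packet(pkt, len, port) == 0 ? 0 : 1;
}
```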
Jan 23, 2012
#29 zhwq...@gmail.com
I vote for allowing access to ports <1024
Jun 29, 2012
#30 rstar...@gmail.com
What a stupid limitation. It makes zero sense from a security perspective.

Consider this: in order to run an SMB server on my phone, I need to root it. Did this limitation add security? No, it took it away!
Aug 25, 2012
#31 rustam...@gmail.com
Android already has a very sophisticated permission system with such liberal permissions as send/receive SMS or full access to my phone calls. Why not implement an explicit permission to allow a _local web server_ that a user must explicitly accept in order to run my application? I don't see what's so insecure in that.
Nov 21, 2012
#32 marcos.d...@3smobile.com
This would allow Android to dominate the server market as well... And there is no downside to it....
Feb 9, 2013
#33 anton.sa...@gmail.com
It's a great feature to implement!
Mar 4, 2013
#34 marcos.d...@3smobile.com
How come that has never been implemented yet? It's so simple....
Mar 10, 2013
#35 cjay...@gmail.com
My planned app needs to listen for/send Ethernet packets. While I need raw packet permissions, well-known port access is one step closer to fixing my problem and I can see lots of possibilities in using these ports. I vote aye!
Mar 11, 2013
#36 zwzser...@gmail.com
You should put your planned app at the bottom of your list. This isn't going to change. You might be able to make it work using root, but you will never get the needed audience this way.
On the other hand, in root, you can use the readily available tcpdump utility to achieve many of the goals you might want.
Mar 11, 2013
#37 cjay...@gmail.com
Actually, Mike Kershaw of http://www.kismetwireless.net has a very clever work around for his Android PCAP app. Just use an OTG wifi dongle and implement everything in userspace. No root required and full frame capture.
Mar 11, 2013
#38 zwzser...@gmail.com
37: That is totally unusable and creates even more obstacles because:
- Android does not have the USB Host functionality.
- Android often has a read-only system.
- Android doesn't readily accept installation packages for desktop distros.
- Kismet requires low-level work with a network card involving open-source drivers. Closed drivers, such as those from Intel, will not allow such a shady operation.

In the end, rooting Android is incomparably easier than bending your USB port to become a host, compiling a rfmon-enabled driver for that dongle for Android's kernel (ROM-specific!), compiling the app itself for the Arm architecture and perhaps making a nice GUI.
I'd bet you $1000 that you won't make Kismet work on the phone, if I was into that sort of thing.
Apr 22, 2013
#39 itsmeyou...@gmail.com
Hi,

I need to use raw sockets for my application written in C.
The application is ported to Android, but I am unable to create raw sockets. I get a permission error (EPERM). I tried running the enclosing Java application as root but with no luck. Is this because the shared library does not have root permission?

Does anyone know if raw sockets can be implemented in jni on android. I do not have issues in providing root access.
Jun 10, 2013
#40 blue64pe...@gmail.com
Too bad this is still being discussed.  It so makes sense to allow non-root access to ports < 1024; an SMB server for the filesystem, for instance.  Other than the port restriction, there's no reason to be root.  In fact, the server doesn't want to be root because it doesn't want to have root access to the fs.
Jun 23, 2013
#41 jbq@android.com
(No comment was entered for this change.)
Summary: Allow binding privileged ports or creating raw sockets (was: Cannot bind ports lower than 1024, or create raw sockets.)
Labels: -Type-Defect Type-Enhancement ReportedBy-Developer
Oct 11, 2013
#42 singhai....@gmail.com
Android should allow access to ports below 1024. At least very commonly used ports like 80 (for HTTP) and 443 (for HTTPS) should be allowed.
Feb 3, 2014
#43 connerf...@gmail.com
I agree, running a server on ports <1024 without root would be nice.
Feb 20, 2014
#45 gcwior...@gmail.com
Is there a way to broadcast a frame in Android without using raw sockets?
So that every device in the reachable area would receive that frame?
I want to create a multiplayer game with many players.
Feb 20, 2014
#46 cjay...@gmail.com
You should be able to use one of the higher layer protocols for this sort
of discovery and those shouldn't need raw sockets. SSDP, for instance, runs
on top of UDP and XMPP (using TCP) has been used for gaming as well.

Take a look at http://en.wikipedia.org/wiki/Service_discovery .
Jul 21, 2014
#47 android....@gmail.com
Of course Android should allow access to ports < 1024!

I wrote an Android LP service (bound to port 515) to do some work with printing jobs sent to my Android device by the enterprise's UNIX servers. That's a really boring constraint (where possible) to have to ROOT all these Android devices only to be able to use port 515.
This rooting CREATES security holes...
So the ports < 1024 restriction ENTAILS security holes instead of PREVENTING them!
Sep 8, 2014
#49 ronniesa...@gmail.com
NFS requires the clients to connect from a <1024 port. Userland NFS client is thus not possible as non-root.
Sep 8, 2014
#50 j...@google.com
Given CAP_NET_BIND_SERVICE we can make a fully supported Samba port onto Android, supported directly out of the main Samba sources.

I think this would be useful for people.

Sep 8, 2014
#51 ospreysy...@gmail.com
5 yrs later and still the reporter's suggestion:

"An ideal solution would be the following: If an app has the 'internet' (or
perhaps a new 'advanced_internet') permission then it is granted
CAP_NET_BIND_SERVICE and CAP_NET_RAW using the cap_set_proc() syscall. This
will also require the launcher process to have the CAP_SETPCAP capability."

is still one of the best solutions.

And like with desktop OS the user could be prompted for granting permission when a process is seeking to use elevated permissions.


Sep 9, 2014
#52 bugshide...@gmail.com
This behavior has the same consequences as NAT. Two users can't connect their devices to each other directly, so connections must be forwarded to a third-party server. This is such a waste of resources. Sometimes the two devices are in the same LAN while the server is on the other side of the planet. The question to be asked is not even "why?" anymore but "for how long?"
Sep 9, 2014
#53 sahlb...@google.com
I would understand that there is reluctance to CAP_NET_RAW since very few applications need this capability, and honestly, I am not sure if it is a good idea from a security standpoint to "allow random program downloaded from the internet to do raw sockets".

CAP_NET_BIND_SERVICE on the other hand I think would have very few security implications and would have real benefits.

1. It would allow applications to connect to NFS servers.
NFS requires that the client connection comes from a system port, any system port.
For example, https://github.com/sahlberg/libnfs: this library is used by both XBMC and QEMU. At least in XBMC's case it would be awesome if one could bind to a system port so that one could connect to an NFS server.

2. Samba. Samba requires that it can bind to a small subset of low-numbered ports.
It would be awesome if one could run Samba on the phone so that you can access all the files off the phone just as a normal filesystem share.
There is actually already a version of Samba available on the Play Store but it requires that you root the device just so that Samba can bind to the ports it needs.
If Samba could use CAP_NET_BIND_SERVICE then Samba would be able to run as a normal user process without requiring you to root the phone.

Imagine having your phone's storage appear as a normal share automatically on your home network where you can access the data from any other device. It would be awesome!


Please let us have CAP_NET_BIND_SERVICE.
Sep 9, 2014
#54 ospreysy...@gmail.com
Disagree with #53.

Both capabilities are necessary and in my view, CAP_NET_RAW is the more useful of the two capabilities.

Many networking and firewall utilities require the ability to use a raw socket.

In any event, both capabilities should be user managed through an elevated permission alert that allows the user to choose whether or not to run the application requesting the elevated permissions.

This way the user is in full control of any elevated permissions.

