Hi dev,

Recently we have found that when the `rest.bind-port` parameter is specified as a port range (i.e. "5000-8000"), Flink may bind to some port (like 6000) that is not allowed by Chrome (showing an "ERR_UNSAFE_PORT" message and preventing users from continuing to access the website); similarly, Firefox blocks these unsafe ports as well [1].

When I dig further into this issue, I do believe that this restriction is reasonable [2], as Flink may accidentally bind to some port that is generally considered to be used by other services, posing security risks and causing potential confusion for the network administrator.

Here I propose that when Flink tries to do port selection in `NetUtils.getPortRangeFromString`, we return an iterator that explicitly skips those unsafe ports, so that those unsafe ports would not be used unless users explicitly specify one in the `rest.port` parameter.

I would like to solicit opinions from the community on this matter, thanks : )

Sincerely,
Weike

[1] https://www-archive.mozilla.org/projects/netlib/portbanning#portlist
[2] https://superuser.com/questions/188058/which-ports-are-considered-unsafe-by-chrome

Hi Weike,

would it be good enough if the user did not include unsafe ranges when specifying `rest.bind-port`? My concern with excluding unsafe ports is that it adds some invisible magic which can be hard to understand for the user. I think over the past couple of years it has proven that auto magic often leads to hard-to-understand features.

Cheers,
Till

On Sat, May 23, 2020 at 7:46 AM DONG, Weike <[hidden email]> wrote:

> Hi dev,
>
> Recently we have found that when the `rest.bind-port` parameter is specified as a port range (i.e. "5000-8000"), Flink may bind to some port (like 6000) that is not allowed by Chrome (showing an "ERR_UNSAFE_PORT" message and preventing users from continuing to access the website); similarly, Firefox blocks these unsafe ports as well [1].
>
> When I dig further into this issue, I do believe that this restriction is reasonable [2], as Flink may accidentally bind to some port that is generally considered to be used by other services, posing security risks and causing potential confusion for the network administrator.
>
> Here I propose that when Flink tries to do port selection in `NetUtils.getPortRangeFromString`, we return an iterator that explicitly skips those unsafe ports, so that those unsafe ports would not be used unless users explicitly specify one in the `rest.port` parameter.
>
> I would like to solicit opinions from the community on this matter, thanks : )
>
> Sincerely,
> Weike
>
> [1] https://www-archive.mozilla.org/projects/netlib/portbanning#portlist
> [2] https://superuser.com/questions/188058/which-ports-are-considered-unsafe-by-chrome

I agree with Till. I think this should be a concern of the user configuring the port range.

– Ufuk

On Mon, May 25, 2020 at 10:27 AM Till Rohrmann <[hidden email]> wrote:

> Hi Weike,
>
> would it be good enough if the user did not include unsafe ranges when specifying `rest.bind-port`? My concern with excluding unsafe ports is that it adds some invisible magic which can be hard to understand for the user. I think over the past couple of years it has proven that auto magic often leads to hard-to-understand features.
>
> Cheers,
> Till
>
> On Sat, May 23, 2020 at 7:46 AM DONG, Weike <[hidden email]> wrote:
>
> > Hi dev,
> >
> > Recently we have found that when the `rest.bind-port` parameter is specified as a port range (i.e. "5000-8000"), Flink may bind to some port (like 6000) that is not allowed by Chrome (showing an "ERR_UNSAFE_PORT" message and preventing users from continuing to access the website); similarly, Firefox blocks these unsafe ports as well [1].
> >
> > When I dig further into this issue, I do believe that this restriction is reasonable [2], as Flink may accidentally bind to some port that is generally considered to be used by other services, posing security risks and causing potential confusion for the network administrator.
> >
> > Here I propose that when Flink tries to do port selection in `NetUtils.getPortRangeFromString`, we return an iterator that explicitly skips those unsafe ports, so that those unsafe ports would not be used unless users explicitly specify one in the `rest.port` parameter.
> >
> > I would like to solicit opinions from the community on this matter, thanks : )
> >
> > Sincerely,
> > Weike
> >
> > [1] https://www-archive.mozilla.org/projects/netlib/portbanning#portlist
> > [2] https://superuser.com/questions/188058/which-ports-are-considered-unsafe-by-chrome
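
The port-range iterator proposed in the first message, as an added Java example; it is not Flink's `NetUtils` code and not written by anyone in this thread. The class name `SafePortRange` is hypothetical, and `BROWSER_BLOCKED` is a constructed, partial subset (6000 is the port named in the thread, 6665-6669 are IRC ports that Chrome also blocks); the full lists are at [1] and [2]. It records every port it skips so a caller can log the filtering rather than leave it invisible.

```java
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.NoSuchElementException;
import java.util.Set;

/** Hypothetical helper (not Flink code): iterates a "low-high" range, skipping blocked ports. */
public class SafePortRange implements Iterator<Integer> {
    // Constructed, partial subset of browser-restricted ports: 6000 = X11, 6665-6669 = IRC.
    static final Set<Integer> BROWSER_BLOCKED = Set.of(6000, 6665, 6666, 6667, 6668, 6669);
    private final int end;
    private int next;
    private final List<Integer> skipped = new ArrayList<>();

    public SafePortRange(String range) {
        String[] parts = range.trim().split("-");
        if (parts.length != 2) {
            throw new IllegalArgumentException("Expected \"low-high\", got: " + range);
        }
        int start = Integer.parseInt(parts[0].trim());
        end = Integer.parseInt(parts[1].trim());
        if (start < 0 || end > 65535 || start > end) {
            throw new IllegalArgumentException("Invalid port range: " + range);
        }
        next = start;
        advance();
    }

    // Move `next` forward to the first non-blocked port, recording each skipped port.
    private void advance() {
        while (next <= end && BROWSER_BLOCKED.contains(next)) {
            skipped.add(next++);
        }
    }

    @Override public boolean hasNext() { return next <= end; }

    @Override public Integer next() {
        if (!hasNext()) throw new NoSuchElementException();
        int port = next++;
        advance();
        return port;
    }

    /** Ports skipped so far, so the caller can log them. */
    public List<Integer> skipped() { return skipped; }

    public static void main(String[] args) {
        SafePortRange ports = new SafePortRange("5998-6002"); // constructed sample range
        while (ports.hasNext()) System.out.println("candidate port " + ports.next());
        System.out.println("skipped (browser-blocked): " + ports.skipped());
    }
}
```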