rpc.lockd, part 2: using random privileged ports is a bad idea
- From: Winston <wbe@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 12 Aug 2012 20:35:48 -0400
Summary: Having rpc.lockd randomly(?) pick privileged ports to use looks
like a bad idea, since it doesn't limit itself to Unassigned
ports. Partial work-around described.
When I recently started up rpc.lockd, these ports were opened:
tcp4 0 0 *.1001 *.* LISTEN
udp4 0 0 *.1017 *.*
udp4 0 0 *.* *.*
tcp6 0 0 *.698 *.* LISTEN
udp6 0 0 *.767 *.*
udp6 0 0 *.919 *.*
Ports 919, 1001, and 1017 are Unassigned by IANA and do not appear in
/etc/services, so a case might be made that allowing lockd to use them
is OK. However, two of the ports it opened, 698 and 767, *ARE* assigned
by IANA and *ARE* in /etc/services:
olsr 698/tcp OLSR
olsr 698/udp OLSR
phonebook 767/tcp phone
phonebook 767/udp phone
That's clearly not good, for the obvious reasons.
Partial work-around:
Four of the five random port numbers can be set by adding a line like:
# pick a port number
rpc_lockd_flags="-p 66000"
to /etc/rc.conf(.local). (Last I saw, Sun used port 4045 even though
it conflicts with the IANA assignment.) I picked a number and added a
line to /etc/services, so now netstat shows me:
tcp4 0 0 *.lockd *.* LISTEN
udp4 0 0 *.lockd *.*
tcp6 0 0 *.lockd *.* LISTEN
udp6 0 0 *.lockd *.*
udp6 0 0 *.868 *.*
The fifth port, though (the second udp6 port), still gets some other
number.
I didn't see any way to get rid of the UDP4 *.* *.* listen. :(
Anyone happen to know why lockd needs that?
-WBE
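Added example (not part of the post above, and not rpc.lockd or FreeBSD code): a small checker that parses numeric netstat output of the kind shown in the post and flags which listening ports collide with entries in /etc/services, which are Unassigned, and which sockets are bound to the wildcard port. It also validates the port given in rpc_lockd_flags, since "-p 66000" is outside the 1-65535 range a socket can use. The netstat and /etc/services samples are constructed to match the post; the "lockd 4045" entry is a hypothetical local addition using the Sun port number mentioned above.

```python
"""Flag listening ports that collide with /etc/services assignments.

Input format: lines from `netstat -an` (numeric ports), as in the post.
"""
import re

# Constructed sample mirroring the netstat output in the post.
NETSTAT_SAMPLE = """\
tcp4 0 0 *.1001 *.* LISTEN
udp4 0 0 *.1017 *.*
udp4 0 0 *.* *.*
tcp6 0 0 *.698 *.* LISTEN
udp6 0 0 *.767 *.*
udp6 0 0 *.919 *.*
"""

# Constructed /etc/services excerpt; the lockd lines are a hypothetical
# local addition (port 4045 is the Sun convention mentioned in the post).
SERVICES_SAMPLE = """\
# Network services, Internet style
olsr        698/tcp    OLSR
olsr        698/udp    OLSR
phonebook   767/tcp    phone
phonebook   767/udp    phone
lockd       4045/tcp   # hypothetical local addition
lockd       4045/udp
"""


def parse_services(text):
    """Return {(port, proto): name} from /etc/services-style text."""
    table = {}
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or '/' not in fields[1]:
            continue
        port_s, proto = fields[1].split('/', 1)
        if not port_s.isdigit():
            continue
        # first name wins; later lines are aliases of the same port
        table.setdefault((int(port_s), proto), fields[0])
    return table


def parse_netstat(text):
    """Return [(proto, port_or_None)] for each socket line; None = wildcard."""
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0][:3] not in ('tcp', 'udp'):
            continue
        proto = fields[0][:3]                  # tcp4/tcp6 -> tcp
        port_s = fields[3].rsplit('.', 1)[-1]  # local address is addr.port
        sockets.append((proto, int(port_s) if port_s.isdigit() else None))
    return sockets


def classify(netstat_text, services_text):
    """Split sockets into IANA-assigned collisions, unassigned, and wildcard."""
    services = parse_services(services_text)
    result = {'assigned': [], 'unassigned': [], 'wildcard': []}
    for proto, port in parse_netstat(netstat_text):
        if port is None:
            result['wildcard'].append(proto)
        elif (port, proto) in services:
            result['assigned'].append((proto, port, services[(port, proto)]))
        else:
            result['unassigned'].append((proto, port))
    return result


def valid_port_flag(flags):
    """Return the -p port from an rpc_lockd_flags string if it is in 1..65535."""
    m = re.search(r'-p\s+(\d+)', flags)
    if not m:
        return None
    port = int(m.group(1))
    return port if 1 <= port <= 65535 else None


if __name__ == '__main__':
    report = classify(NETSTAT_SAMPLE, SERVICES_SAMPLE)
    for proto, port, name in report['assigned']:
        print(f"COLLISION: {proto}/{port} is assigned to {name}")
    for proto, port in report['unassigned']:
        print(f"unassigned: {proto}/{port}")
    print("wildcard-port sockets:", report['wildcard'])
    print("rpc_lockd_flags='-p 66000' ->", valid_port_flag('-p 66000'))
```

On a live system, feed it the real files instead of the samples: `classify(open('/tmp/netstat.out').read(), open('/etc/services').read())`, after capturing `netstat -an` before and after starting rpc.lockd and diffing the two so only lockd's sockets are examined.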