Re: CVS commit: src/external/bsd/blacklist

To: source-changes-d%NetBSD.org@localhost
Subject: Re: CVS commit: src/external/bsd/blacklist
From: christos%astron.com@localhost (Christos Zoulas)
Date: Wed, 11 Mar 2020 15:02:55 -0000 (UTC)

In article <20200311021208.BFB5CFB28%cvs.NetBSD.org@localhost>,
Roy Marples <source-changes-d%NetBSD.org@localhost> wrote:
>-=-=-=-=-=-
>
>Module Name:	src
>Committed By:	roy
>Date:		Wed Mar 11 02:12:08 UTC 2020
>
>Modified Files:
>	src/external/bsd/blacklist/bin: blacklistd.c conf.c
>	src/external/bsd/blacklist/lib: bl.c
>
>Log Message:
>blacklist: Allow blacklist_sa to work with an invalid fd
>
>fd -1 is invalid, so don't query it for protocol, port or address.
>
>fd is supposed to represent how the client is connected, but if we are
>parsing route(4) messages or log files then there is no client connection
>to interogate.

Yes, but this (with the cmsg passed in the fd) is how we do access
control. If you can't figure out if the remote owns the socket,
then anyone can DoS the system by writing messages to the daemon?

christos

Follow-Ups:
- Re: CVS commit: src/external/bsd/blacklist
  - From: Roy Marples

Prev by Date: Re: CVS commit: src/external/cddl/osnet/dist/uts/common/fs/zfs
Next by Date: Re: CVS commit: src/external/cddl/osnet/dist/uts/common/fs/zfs
Previous by Thread: Re: CVS commit: src/external/cddl/osnet/dist/uts/common/fs/zfs
Next by Thread: Re: CVS commit: src/external/bsd/blacklist
Indexes:

Home | Main Index | Thread Index | Old Index