Re: CVS commit: src/external/bsd/blacklist

To: Christos Zoulas <christos%astron.com@localhost>, source-changes-d%NetBSD.org@localhost
Subject: Re: CVS commit: src/external/bsd/blacklist
From: Roy Marples <roy%marples.name@localhost>
Date: Thu, 12 Mar 2020 11:26:19 +0000

On 11/03/2020 15:02, Christos Zoulas wrote:

In article <20200311021208.BFB5CFB28%cvs.NetBSD.org@localhost>,
Roy Marples <source-changes-d%NetBSD.org@localhost> wrote:

-=-=-=-=-=-

Module Name:	src
Committed By:	roy
Date:		Wed Mar 11 02:12:08 UTC 2020

Modified Files:
	src/external/bsd/blacklist/bin: blacklistd.c conf.c
	src/external/bsd/blacklist/lib: bl.c

Log Message:
blacklist: Allow blacklist_sa to work with an invalid fd

fd -1 is invalid, so don't query it for protocol, port or address.

fd is supposed to represent how the client is connected, but if we are
parsing route(4) messages or log files then there is no client connection
to interogate.


Yes, but this (with the cmsg passed in the fd) is how we do access
control. If you can't figure out if the remote owns the socket,
then anyone can DoS the system by writing messages to the daemon?


I'll revert this for the time being.

Roy

Follow-Ups:
- Re: CVS commit: src/external/bsd/blacklist
  - From: Christos Zoulas

References:
- Re: CVS commit: src/external/bsd/blacklist
  - From: Christos Zoulas

Prev by Date: Re: CVS commit: src/external/bsd/blacklist/bin
Next by Date: Re: CVS commit: src/lib/libcurses
Previous by Thread: Re: CVS commit: src/external/bsd/blacklist
Next by Thread: Re: CVS commit: src/external/bsd/blacklist
Indexes:

Home | Main Index | Thread Index | Old Index