Source-Changes-D archive


Re: CVS commit: src/external/bsd/blacklist



In article <20200311021208.BFB5CFB28%cvs.NetBSD.org@localhost>,
Roy Marples <source-changes-d%NetBSD.org@localhost> wrote:
>Module Name:	src
>Committed By:	roy
>Date:		Wed Mar 11 02:12:08 UTC 2020
>
>Modified Files:
>	src/external/bsd/blacklist/bin: blacklistd.c conf.c
>	src/external/bsd/blacklist/lib: bl.c
>
>Log Message:
>blacklist: Allow blacklist_sa to work with an invalid fd
>
>fd -1 is invalid, so don't query it for protocol, port or address.
>
>fd is supposed to represent how the client is connected, but if we are
>parsing route(4) messages or log files then there is no client connection
>to interrogate.

Yes, but this (with the cmsg passed in the fd) is how we do access
control. If you can't figure out if the remote owns the socket,
then anyone can DoS the system by writing messages to the daemon?

christos


