In article <20200311021208.BFB5CFB28%cvs.NetBSD.org@localhost>,
Roy Marples <source-changes-d%NetBSD.org@localhost> wrote:
-=-=-=-=-=-
Module Name: src
Committed By: roy
Date: Wed Mar 11 02:12:08 UTC 2020
Modified Files:
src/external/bsd/blacklist/bin: blacklistd.c conf.c
src/external/bsd/blacklist/lib: bl.c
Log Message:
blacklist: Allow blacklist_sa to work with an invalid fd
fd -1 is invalid, so don't query it for protocol, port or address.
fd is supposed to represent how the client is connected, but if we are
parsing route(4) messages or log files then there is no client connection
to interrogate.

Yes, but this (with the cmsg passed in the fd) is how we do access
control. If you can't figure out if the remote owns the socket,
then anyone can DoS the system by writing messages to the daemon?