Source-Changes-D archive


Re: CVS commit: src/external/bsd/blacklist



On 11/03/2020 15:02, Christos Zoulas wrote:
In article <20200311021208.BFB5CFB28%cvs.NetBSD.org@localhost>,
Roy Marples <source-changes-d%NetBSD.org@localhost> wrote:
-=-=-=-=-=-

Module Name:	src
Committed By:	roy
Date:		Wed Mar 11 02:12:08 UTC 2020

Modified Files:
	src/external/bsd/blacklist/bin: blacklistd.c conf.c
	src/external/bsd/blacklist/lib: bl.c

Log Message:
blacklist: Allow blacklist_sa to work with an invalid fd

fd -1 is invalid, so don't query it for protocol, port or address.

fd is supposed to represent how the client is connected, but if we are
parsing route(4) messages or log files then there is no client connection
to interrogate.

Yes, but this (with the cmsg passed in the fd) is how we do access
control. If you can't figure out if the remote owns the socket,
then anyone can DoS the system by writing messages to the daemon?

I'll revert this for the time being.

Roy
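
The access-control point raised in the reply above, as an added example that is not part of the original thread and is not blacklistd's code: a receiver that accepts a report only when a connected socket descriptor arrives with it as an SCM_RIGHTS control message. The names `send_report`, `recv_report` and `ctl_t` and the one-byte report are assumptions made for illustration.

```c
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>

/* Room for exactly one passed descriptor, aligned for struct cmsghdr. */
typedef union { struct cmsghdr h; char buf[CMSG_SPACE(sizeof(int))]; } ctl_t;
/* Hypothetical reporter: one-byte report, fd attached only when fd >= 0. */
static int send_report(int chan, int fd)
{
    char byte = 'r';
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
    ctl_t u;
    if (fd >= 0) {
        memset(&u, 0, sizeof(u));
        msg.msg_control = u.buf;
        msg.msg_controllen = sizeof(u.buf);
        struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
        c->cmsg_level = SOL_SOCKET;
        c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &fd, sizeof(int));
    }
    return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
}

/* Hypothetical receiver: 1 = accepted, 0 = rejected, -1 = receive error.
 * Accepted only if a descriptor arrived and the kernel reports a peer on it. */
static int recv_report(int chan)
{
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    ctl_t u;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
        .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
    struct sockaddr_storage ss;
    socklen_t len = sizeof(ss);
    int fd = -1, ok = 0;
    if (recvmsg(chan, &msg, 0) != 1)
        return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c))
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS &&
            c->cmsg_len == CMSG_LEN(sizeof(int)))
            memcpy(&fd, CMSG_DATA(c), sizeof(int));
    if (fd >= 0) {   /* fd == -1: no descriptor came with the report */
        ok = getpeername(fd, (struct sockaddr *)&ss, &len) == 0;
        close(fd);
    }
    return ok;
}
```

A report sent with fd -1, or with a descriptor that is not a connected socket, is rejected because the receiver has no kernel-verified peer to attribute it to.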

