Date:      Fri, 10 Jan 1997 01:12:34 -0500 (EST)
From:      Bill Paul <wpaul@skynet.ctr.columbia.edu>
To:        grog@lemis.de
Cc:        current@freebsd.org, peter@spinner.dialix.com
Subject:   Re: What's happened to nfsd and mountd?
Message-ID:  <199701100612.BAA27329@skynet.ctr.columbia.edu>
In-Reply-To: <199701091520.QAA03172@freebie.lemis.de> from "grog@lemis.de" at Jan 9, 97 04:20:47 pm

Of all the gin joints in all the towns in all the world, grog@lemis.de 
had to walk into mine and say:

> Peter Wemm writes:
> > Greg Lehey wrote:
> >>  A pointer to the problem, by the look of it:
> >>
> >>  === grog@freebie (/dev/ttypa) ~/src 3 -> gma
> >>  get_myaddress() returns 0
> >>  sin_family = 0 (AF_INET = 2)
> >>  sin_len = 3 (16)
> >>  sin_port = 0
> >>  sin_addr = 0.32.0.0
> >>  SIOCFIGCONF used 1008 bytes of a buffer 1024 long
> >
> > YIKES!
[chop]

Indeed.
 
> Unfortunately, mountd still fails (and draws portmap in for sympathy)
> with a message which completely baffles me:
> 
> Jan  9 12:08:28 freebie portmap[754]: connect from 127.0.0.1 to unset(mountd): request from non-local host
[chop]

Aha. Okay, I think get_myaddress() is fine now, but next somebody will have
to fix src/usr.sbin/portmap/from_local.c. This code is supposed to compare
the client IP address against everything it considers to be a local
interface address. However, it allocates a static buffer that's only
large enough for 16 interfaces. In both these cases, there are many more
than 16 interfaces involved, so SIOCGIFCONF is probably failing. There
are two bugs here: the first is that portmap doesn't use a flexible enough
mechanism to read all the local interfaces and 2) it doesn't syslog()
an appropriate error message when SIOCGIFCONF fails so that you have
some idea of what's going on.

Bumping up the buffer size is not the correct solution, unfortunately.
The correct solution is to do what ifconfig(8) does and use sysctl().
Only problem is that the correct solution is also tough to implement. :)

I was hoping to eventually make from_local.c go away: if portmap uses
a local-only transport (AF_UNIX socket) for pmap_set() and pmap_unset(), 
then you don't really need from_local() anymore. This also closes a
security hole since from_local() is not really secure, thanks to
IP spoofing. Also, it just occurred to me tonight that this whole
situation can get really weird if you're using IP address translation.

-Bill

-- 
=============================================================================
-Bill Paul            (212) 854-6020 | System Manager, Master of Unix-Fu
Work:         wpaul@ctr.columbia.edu | Center for Telecommunications Research
Home:  wpaul@skynet.ctr.columbia.edu | Columbia University, New York City
=============================================================================
 "It is not I who am crazy; it is I who am mad!" - Ren Hoek, "Space Madness"
=============================================================================
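
An added example, not part of the original message or of portmap's source: one way to check a client address against the local interface addresses without a fixed-size buffer, logging when enumeration fails. It uses getifaddrs(3) in place of the sysctl() approach the message suggests, and the function names local_addrs and addr_in_list are hypothetical.

```c
#include <ifaddrs.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <syslog.h>

/* Collect every IPv4 address configured on this host into a heap array that
 * grows as needed. Returns the count, or -1 (after logging) on failure. */
int local_addrs(struct in_addr **out)
{
    struct ifaddrs *ifap, *ifa;
    struct in_addr *list = NULL, *tmp;
    int n = 0, cap = 0;
    *out = NULL;
    if (getifaddrs(&ifap) != 0) {
        syslog(LOG_ERR, "cannot list local interfaces: %m");
        return -1;
    }
    for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next) {
        if (ifa->ifa_addr == NULL || ifa->ifa_addr->sa_family != AF_INET)
            continue;
        if (n == cap) {                 /* grow: no 16-interface ceiling */
            cap = cap ? cap * 2 : 16;
            tmp = realloc(list, cap * sizeof(*list));
            if (tmp == NULL) {
                syslog(LOG_ERR, "cannot list local interfaces: out of memory");
                free(list);
                freeifaddrs(ifap);
                return -1;
            }
            list = tmp;
        }
        list[n++] = ((struct sockaddr_in *)ifa->ifa_addr)->sin_addr;
    }
    freeifaddrs(ifap);
    *out = list;
    return n;
}

/* Return 1 if addr equals one of the n entries in list, else 0. With the
 * n == -1 result of a failed local_addrs() the loop never runs, so the
 * check fails closed: the client is treated as non-local. */
int addr_in_list(struct in_addr addr, const struct in_addr *list, int n)
{
    for (int i = 0; i < n; i++)
        if (list[i].s_addr == addr.s_addr)
            return 1;
    return 0;
}
```

A source-address match of this kind still does not authenticate the sender, which is the IP spoofing weakness the message notes for from_local().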


