From owner-freebsd-security Tue Jul 7 03:51:11 1998
From: Niall Smart
Message-Id: <199807071046.LAA00625@indigo.ie>
Date: Tue, 7 Jul 1998 11:46:35 +0000
In-Reply-To: David Greenman "Re: bsd securelevel patch question" (Jul 7, 12:17am)
To: dg@root.com, rotel@indigo.ie
Subject: Re: bsd securelevel patch question
Cc: "Allen Smith" , security@FreeBSD.ORG, njs3@doc.ic.ac.uk, dima@best.net, abc@ralph.ml.org, tqbf@secnet.com

On Jul 7, 12:17am, David Greenman wrote:
} Subject: Re: bsd securelevel patch question
> >> > As for the security, I'd
> >> >prefer to allow connects in to the ftp servers on ports I know it
> >> >will be listening on rather than having a machine inside the DMZ
> >> >initiating TCP connections; having said that, FreeBSD's ftp daemon
> >> >currently accepts connections on ports it is listening on from any
> >> >IP, in accordance with the FTP RFC, but this is inconsistent with
> >> >the behaviour of the PORT command in paranoid mode which will only
> >> >connect to the IP of the control channel peer. What do you think
> >> >of patching this?
> >>
> >> Are you talking about the data port listens that ftpd does when it is
> >> operating in passive mode? If so, then you're wrong - ftpd listens for the
> >> control channel IP address.
> >
> >No it doesn't; check dataconn() in ftpd.c, it simply accepts the
> >connection after using select for timeout. The "authentication"
> >for PORT occurs as part of parsing the PORT command in host_port in
> >ftpcmd.y
>
> What does accept() have to do with how the socket is bind()ed? (Answer:
> absolutely nothing) The bind() and listen() occur in the passive() function,
> which very definitely sets the ctrl_addr as the listen address.

I'm talking about the addresses the ftpd will accept data channel
connections from in paranoid (and passive) mode, not the address at which
it listens for those connections. I thought you were too, from what you
said above: "ftpd listens for the control channel IP address". In
paranoid mode and active mode it will only connect the data channel to
the control channel peer on a non-privileged port. When in paranoid
mode and passive mode it will accept data channel connections from any IP
on any port.

> I also don't
> know what you're talking about regarding the PORT command in passive mode
> since these are mutually exclusive.

Yes I know; I was pointing out that there is no function which handles
authentication of the remote data channel peer in both the passive and
active modes in paranoid mode.

Niall
--
Niall Smart. PGP: finger njs3@motmot.doc.ic.ac.uk
FreeBSD: Turning PC's into Workstations: www.freebsd.org
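The peer check that the message says ftpd lacks for the passive data channel, written as an added C example (not ftpd's code and not from anyone in the thread): after accept() on the passive data socket it compares the data-connection peer with the control-channel peer and applies the same non-privileged-port rule the message describes for PORT in paranoid mode. The function names, the string front end and the sample addresses are constructed assumptions.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef IPPORT_RESERVED
#define IPPORT_RESERVED 1024   /* ports below this are privileged */
#endif

/* Returns 1 when the data-channel peer is the same host as the control-channel
 * peer and uses a non-privileged source port, else 0. Hypothetical helper that
 * mirrors the rule the thread describes for PORT in paranoid mode. */
int data_peer_matches_ctrl(const struct sockaddr_in *ctrl_peer,
                           const struct sockaddr_in *data_peer)
{
    if (ctrl_peer->sin_family != AF_INET || data_peer->sin_family != AF_INET)
        return 0;
    if (ctrl_peer->sin_addr.s_addr != data_peer->sin_addr.s_addr)
        return 0;                       /* different host: reject */
    if (ntohs(data_peer->sin_port) < IPPORT_RESERVED)
        return 0;                       /* privileged source port: reject */
    return 1;
}

/* String front end for the check (constructed addresses, used by the test).
 * Returns -1 when an address does not parse, otherwise the check result. */
int check_data_peer(const char *ctrl_ip, const char *data_ip,
                    unsigned short data_port)
{
    struct sockaddr_in ctrl, data;
    memset(&ctrl, 0, sizeof ctrl);
    memset(&data, 0, sizeof data);
    ctrl.sin_family = data.sin_family = AF_INET;
    if (inet_pton(AF_INET, ctrl_ip, &ctrl.sin_addr) != 1 ||
        inet_pton(AF_INET, data_ip, &data.sin_addr) != 1)
        return -1;
    data.sin_port = htons(data_port);
    return data_peer_matches_ctrl(&ctrl, &data);
}

/* Accept on the passive data socket, but hand back only a connection from the
 * control-channel peer; others are closed and the wait resumes. -1 on error. */
int accept_data_from_ctrl_peer(int pdata, const struct sockaddr_in *ctrl_peer)
{
    for (;;) {
        struct sockaddr_in from;
        socklen_t fromlen = sizeof from;
        int s = accept(pdata, (struct sockaddr *)&from, &fromlen);
        if (s < 0)
            return -1;
        if (data_peer_matches_ctrl(ctrl_peer, &from))
            return s;
        close(s);
    }
}
```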