Date: Mon, 11 Mar 2002 21:06:08 +0100
From: Marco Molteni <molter@tin.it>
To: ports@freebsd.org
Subject: [PATCH] port audio/nas. Be stricter in the TCP connections nasd accepts]
Message-ID: <20020311210608.B36696@cobweb.example.org>
--ncSAzJYg3Aa9+CRW Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi, I just installed nas-1.5 on FreeBSD to use it with festival. I am security conscious and when I saw in the netstat output that nasd listens to INADDR_ANY I had a look at the code. Unless the -aa command-line option is specified, there is no need for nasd to listen to INADDR_ANY, it is enough to listen to 127.0.0.1. This is a secure way not to have unwanted connections from the outside. Please find enclosed a small patch that implements this suggestion. I just sent the same patch to the nas mailing list so I hope it will be included in the next release. Marco -- Computers are like air conditioners. They stop working when you open Windows. --ncSAzJYg3Aa9+CRW Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="server:os:connection.c.patch" --- connection.c~ Mon Dec 11 04:36:07 2000 +++ connection.c Mon Mar 11 19:43:17 2002 @@ -347,7 +347,11 @@ #endif insock.sin_family = AF_INET; insock.sin_port = htons ((unsigned short)(AudioListenPort + atoi (display))); - insock.sin_addr.s_addr = htonl(INADDR_ANY); + if (allow_any_host == TRUE) { + insock.sin_addr.s_addr = htonl(INADDR_ANY); + } else { + insock.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + } retry = 20; while (bind(request, (struct sockaddr *) &insock, sizeof (insock))) { --ncSAzJYg3Aa9+CRW-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
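Review bot: the new `if (allow_any_host == TRUE)` test in the hunk at connection.c line 347 is evaluated once, immediately before `bind()`, so it only does what is intended if the -aa option has already been parsed into allow_any_host by the time this listening socket is set up. Please confirm that ordering; if the flag is set later, nasd would bind to INADDR_LOOPBACK even when -aa was given. Two smaller points: `if (allow_any_host)` is the safer form than comparing against TRUE, and the -aa documentation should state that without it the TCP port is now bound to 127.0.0.1 only, because remote clients that previously reached the port will no longer be able to connect.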