Date: Mon, 11 Mar 2002 21:06:08 +0100
From: Marco Molteni
To: ports@freebsd.org
Subject: [PATCH] port audio/nas. Be stricter in the TCP connections nasd accepts]
Message-ID: <20020311210608.B36696@cobweb.example.org>

Hi,

I just installed nas-1.5 on FreeBSD to use it with festival. I am security conscious and when I saw in the netstat output that nasd listens to INADDR_ANY I had a look at the code.

Unless the -aa command-line option is specified, there is no need for nasd to listen to INADDR_ANY, it is enough to listen to 127.0.0.1. This is a secure way not to have unwanted connections from the outside.

Please find enclosed a small patch that implements this suggestion. I just sent the same patch to the nas mailing list so I hope it will be included in the next release.

Marco

--
Computers are like air conditioners. They stop working when you open Windows.

Content-Disposition: attachment; filename="server:os:connection.c.patch"

--- connection.c~ Mon Dec 11 04:36:07 2000 +++ connection.c Mon Mar 11 19:43:17 2002
@@ -347,7 +347,11 @@ #endif insock.sin_family = AF_INET; insock.sin_port = htons ((unsigned short)(AudioListenPort + atoi (display))); - insock.sin_addr.s_addr = htonl(INADDR_ANY); + if (allow_any_host == TRUE) { + insock.sin_addr.s_addr = htonl(INADDR_ANY); + } else { + insock.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + } retry = 20; while (bind(request, (struct sockaddr *) &insock, sizeof (insock))) { --ncSAzJYg3Aa9+CRW-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
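Review bot: The new else branch, `insock.sin_addr.s_addr = htonl(INADDR_LOOPBACK);`, makes the listen address depend on allow_any_host, so a server that is not started with -aa can no longer be reached by any remote client, including one its access control would have admitted. If nasd supports admitting specific remote hosts, this forces those setups to switch to -aa and drop host restrictions altogether, which is weaker than what they had before. Consider a separate listen-address setting that defaults to loopback, and document the new default alongside the -aa option. Minor: `if (allow_any_host == TRUE)` is better written `if (allow_any_host)`, so the test does not depend on the flag holding exactly the value TRUE.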