From owner-freebsd-ports  Mon Mar 11 12: 6:58 2002
Delivered-To: freebsd-ports@freebsd.org
Received: from www.example.org (ANice-103-1-2-176.abo.wanadoo.fr [80.11.145.176])
	by hub.freebsd.org (Postfix) with SMTP id 5E24537B405
	for <ports@freebsd.org>; Mon, 11 Mar 2002 12:06:38 -0800 (PST)
Received: (qmail 36756 invoked by uid 1000); 11 Mar 2002 20:06:08 -0000
Date: Mon, 11 Mar 2002 21:06:08 +0100
From: Marco Molteni <molter@tin.it>
To: ports@freebsd.org
Subject: [PATCH] port audio/nas. Be stricter in the TCP connections nasd accepts]
Message-ID: <20020311210608.B36696@cobweb.example.org>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="ncSAzJYg3Aa9+CRW"
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ports.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-ports>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-ports>
X-Loop: FreeBSD.org


--ncSAzJYg3Aa9+CRW
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Hi,

I just installed nas-1.5 on FreeBSD to use it with festival. 

I am security conscious and when I saw in the netstat output that
nasd listens to INADDR_ANY I had a look at the code.

Unless the -aa command-line option is specified, there is no need for
nasd to listen to INADDR_ANY, it is enough to listen to 127.0.0.1.
This is a secure way not to have unwanted connections from the outside.

Please find enclosed a small patch that implements this suggestion.

I just sent the same patch to the nas mailing list so I hope it will
be included in the next release.

Marco
-- 
Computers are like air conditioners.
They stop working when you open Windows.

--ncSAzJYg3Aa9+CRW
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="server:os:connection.c.patch"

--- connection.c~	Mon Dec 11 04:36:07 2000
+++ connection.c	Mon Mar 11 19:43:17 2002
@@ -347,7 +347,11 @@
 #endif
     insock.sin_family = AF_INET;
     insock.sin_port = htons ((unsigned short)(AudioListenPort + atoi (display)));
-    insock.sin_addr.s_addr = htonl(INADDR_ANY);
+    if (allow_any_host == TRUE) {
+	insock.sin_addr.s_addr = htonl(INADDR_ANY);
+    } else {
+	insock.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+    }
     retry = 20;
     while (bind(request, (struct sockaddr *) &insock, sizeof (insock)))
     {

--ncSAzJYg3Aa9+CRW--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message