Date: Fri, 10 Jan 1997 13:47:32 -0600 (CST)
From: Greg Lehey <grog@lemis.de>
To: wpaul@skynet.ctr.columbia.edu (Bill Paul)
Cc: FreeBSD-current@FreeBSD.ORG (FreeBSD current users)
Subject: Re: What's happened to nfsd and mountd?
Message-ID: <199701101947.NAA00382@papillon.lemis.de>
In-Reply-To: <199701100612.BAA27329@skynet.ctr.columbia.edu> from Bill Paul at "Jan 10, 97 01:12:34 am"

Bill Paul writes:
> Of all the gin joints in all the towns in all the world, grog@lemis.de
> had to walk into mine and say:
>
>> Peter Wemm writes:
>>> Greg Lehey wrote:
>>>> A pointer to the problem, by the look of it:
>>>>
>>>> === grog@freebie (/dev/ttypa) ~/src 3 -> gma
>>>> get_myaddress() returns 0
>>>> sin_family = 0 (AF_INET = 2)
>>>> sin_len = 3 (16)
>>>> sin_port = 0
>>>> sin_addr = 0.32.0.0
>>>> SIOCFIGCONF used 1008 bytes of a buffer 1024 long
>>>
>>> YIKES!
>> [chop]
>
> Indeed.
>
>> Unfortunately, mountd still fails (and draws portmap in for sympathy)
>> with a message which completely baffles me:
>>
>> Jan 9 12:08:28 freebie portmap[754]: connect from 127.0.0.1 to unset(mountd): request from non-local host
>> [chop]
>
> Aha. Okay, I think get_myaddress() is fine now, but next somebody will have
> to fix src/usr.sbin/portmap/from_local.c.

Yes, I thought it would be something like that. I just didn't have
time to go look.

> This code is supposed to compare the client IP address against
> everything it considers to be a local interface address. However, it
> allocates a static buffer that's only large enough for 16
> interfaces. In both these cases, there are much more than 16
> interfaces involved, so SIOCGIFCONF is probably failing. There are
> two bugs here: the first is that portmap doesn't use a flexible
> enough mechanism to read all the local interfaces and 2) it doesn't
> syslog() an appropriate error message when SIOCGIFCONF fails so that
> you have some idea of what's going on.

Sounds a reasonable hypothesis.

> Bumping up the buffer size is not the correct solution, unfortunately.
> The correct solution is to do what ifconfig(8) does and use sysctl().
> Only problem is that the correct solution is also tough to implement. :)
>
> I was hoping to eventually make from_local.c go away: if portmap uses
> a local-only transport (AF_UNIX socket) for pmap_set() and pmap_unset(),
> then you don't really need from_local() anymore. This also closes a
> security hole since from_local() is not really secure, thanks to
> IP spoofing. Also, it just occurred to me tonight that this whole
> situation can get really weird if you're using IP address translation.

The situation certainly seems to be crying out for a better solution.
I never got round to looking at the code: is AF_UNIX faster than
AF_INET to localhost?

Greg
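
Added example, not part of the original message and not FreeBSD's portmap code: a local-address check that has no fixed interface limit and logs a failed lookup, which are the two bugs named in the quoted text above. It uses getifaddrs(3) rather than the sysctl() route the message suggests, the names addr_in_list and is_local_addr are hypothetical, and it does nothing about the IP spoofing weakness the message also raises.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <ifaddrs.h>
#include <syslog.h>
#include <stdio.h>

/* Return 1 if addr matches an AF_INET address in the interface list, else 0. */
int addr_in_list(const struct ifaddrs *list, struct in_addr addr)
{
    const struct ifaddrs *ifa;

    for (ifa = list; ifa != NULL; ifa = ifa->ifa_next) {
        /* ifa_addr may be NULL for an interface with no address assigned. */
        if (ifa->ifa_addr == NULL || ifa->ifa_addr->sa_family != AF_INET)
            continue;
        const struct sockaddr_in *sin = (const struct sockaddr_in *)ifa->ifa_addr;
        if (sin->sin_addr.s_addr == addr.s_addr)
            return 1;
    }
    return 0;
}

/*
 * Hypothetical local-address check: 1 = local, 0 = not local,
 * -1 = interface list unavailable. Callers must treat -1 as "deny".
 */
int is_local_addr(struct in_addr addr)
{
    struct ifaddrs *list = NULL;   /* allocated by libc, any number of interfaces */
    int found;

    if (getifaddrs(&list) != 0) {
        /* Say why the lookup failed instead of reporting "non-local host". */
        syslog(LOG_ERR, "getifaddrs: %m");
        return -1;
    }
    found = addr_in_list(list, addr);
    freeifaddrs(list);
    return found;
}

int main(void)
{
    struct in_addr a;
    inet_pton(AF_INET, "127.0.0.1", &a);
    printf("127.0.0.1 local: %d\n", is_local_addr(a));
    return 0;
}
```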