Date: Tue, 07 Jul 1998 04:42:03 -0700
From: David Greenman <dg@root.com>
To: rotel@indigo.ie
Cc: "Allen Smith" <easmith@beatrice.rutgers.edu>, security@FreeBSD.ORG, njs3@doc.ic.ac.uk, dima@best.net, abc@ralph.ml.org, tqbf@secnet.com
Subject: Re: bsd securelevel patch question
Message-ID: <199807071142.EAA22650@implode.root.com>
In-Reply-To: Your message of "Tue, 07 Jul 1998 11:46:35 -0000." <199807071046.LAA00625@indigo.ie>

>> What does accept() have to do with how the socket is bind()ed? (Answer:
>> absolutely nothing) The bind() and listen() occur in the passive() function,
>> which very definitely sets the ctrl_addr as the listen address.
>
>I'm talking about the addresses the ftpd will accept data channel
>connections from in paranoid (and passive) mode, not the address at
>which it listens for those connections, I thought you were too,
>from what you said above: "ftpd listens for the control channel IP
>address".

Now I realize where the misunderstanding started. You're suggesting that
after the accept(), that ftpd should verify that the address of the peer
(presumably via getpeername()) matches the peer address of the control
channel? Assuming that the ftp client (or proxy) always does a bind() using
its local control channel address so that the server always sees the same
peer address independent of routing issues, then this should work.
It would be nice to be able to bind() the foreign address to a (listen)
socket as well.

-DG

David Greenman
Co-founder/Principal Architect, The FreeBSD Project

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
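
The check discussed in this message, comparing the peer of the accepted data connection (via getpeername()) with the peer of the control channel, written out as an added example; it is not part of the original e-mail and is not FreeBSD ftpd code. The function names and the v4-mapped normalization are assumptions of this example.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Reduce an address to 16 bytes of host identity (port ignored).
 * IPv4 is stored as a v4-mapped IPv6 address so that 192.0.2.10 and
 * ::ffff:192.0.2.10 compare equal on a dual-stack listener.
 * Returns 0 on success, -1 for an unsupported address family. */
static int host_key(const struct sockaddr *sa, unsigned char key[16])
{
    if (sa->sa_family == AF_INET) {
        const struct sockaddr_in *in4 = (const struct sockaddr_in *)sa;
        memset(key, 0, 10);
        key[10] = key[11] = 0xff;
        memcpy(key + 12, &in4->sin_addr, 4);
        return 0;
    }
    if (sa->sa_family == AF_INET6) {
        const struct sockaddr_in6 *in6 = (const struct sockaddr_in6 *)sa;
        memcpy(key, &in6->sin6_addr, 16);
        return 0;
    }
    return -1;
}

/* 1 if both addresses name the same host, 0 otherwise (fails closed). */
int same_peer_host(const struct sockaddr *a, const struct sockaddr *b)
{
    unsigned char ka[16], kb[16];
    if (host_key(a, ka) != 0 || host_key(b, kb) != 0)
        return 0;
    return memcmp(ka, kb, 16) == 0;
}

/* Call on the descriptor returned by accept() on the passive-mode data
 * socket. ctrl_peer is the control channel's peer address, saved when the
 * control connection was accepted. Returns 1 to proceed with the transfer,
 * 0 to close data_fd and refuse it. */
int data_peer_allowed(int data_fd, const struct sockaddr *ctrl_peer)
{
    struct sockaddr_storage peer;
    socklen_t len = sizeof(peer);
    if (getpeername(data_fd, (struct sockaddr *)&peer, &len) != 0)
        return 0;
    return same_peer_host((const struct sockaddr *)&peer, ctrl_peer);
}
```

As the message notes, the comparison only holds when the client or proxy opens the data connection from the same local address it used for the control channel.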