Vulnerability Development mailing list archives

Re: FreeBSD listen()


From: fygrave () SCORPIONS NET (CyberPsychotic)
Date: Sun, 31 Oct 1999 02:53:50 +0500


~:> mode), which should take care of accepting only a single connection and only
~:> from the proper source (which is surprisingly being ignored by some daemons,
~:> such as ncftpd f.e.).
~:Some programs, such as fxp, rely on this kind of behaviour; while I agree
~:that there should be checking, we don't want to break good programs ...
~:

heh.. :-) The major problem which we have here is that when the ftp daemon
doesn't verify the source IP address of the party which establishes the data
connection, and the port number which gets bound by bind() with portnum
= 0 is predictable, we get a security problem.

OpenBSD fixed their bind() quite long ago (2.4 at least was already
fixed, current is 2.6); FreeBSD was said to have just a plain increment per
call. So does Linux. Solaris uses a timer to generate the port number (which is
`sorta' random, but could be predicted as well). Now when I tried to
convince the people who deal with linux-kernel development to deploy a
similar thing in the kernel (a sample patch for 2.2.13 is at
http://www.kalug.lug.net/coding/kernel; it might be buggy, but works
for me just fine), I just got points that the ftp daemon should do the appropriate
things instead. :)) Quite humorous, but it looks like ftp developers would
claim that not their code but the kernel should take care of the solution to
the problem.. oh well, that is life :)

-Fyodor
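
An added example, not from this thread nor from any of the daemons or kernels it mentions: two small defender-side checks in Python. The first is the check the post says some FTP daemons skip (accept a data connection only from the host that owns the control connection); the second flags a plain-increment ephemeral port allocator from a sample of ports handed out by bind() with port 0. All function and variable names are assumptions of this example.

```python
import socket


def data_peer_allowed(control_peer, data_peer):
    """Allow a PASV data connection only when it comes from the same host
    as the control connection. control_peer/data_peer are (host, port)
    tuples as returned by getpeername()/accept()."""
    control_host, _control_port = control_peer
    data_host, _data_port = data_peer
    return control_host == data_host


def port_sequence_predictable(ports, min_samples=4):
    """Return True when every consecutive pair of sampled ephemeral ports
    differs by the same stride, i.e. the allocator is a plain per-call
    increment and a third party can guess the next data port.
    A False result does not prove unpredictability (a timer-driven
    allocator, as the post notes, can still be guessed); it only rules
    out the constant-increment case."""
    if len(ports) < min_samples:
        raise ValueError("need at least %d port samples" % min_samples)
    strides = [b - a for a, b in zip(ports, ports[1:])]
    return len(set(strides)) == 1


def sample_ephemeral_ports(n=8):
    """Ask the local kernel for n ephemeral ports by binding to port 0.
    Sockets stay open until all samples are taken so the kernel cannot
    hand the same port out twice during sampling."""
    socks = []
    try:
        for _ in range(n):
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.bind(("127.0.0.1", 0))
            socks.append(s)
        return [s.getsockname()[1] for s in socks]
    finally:
        for s in socks:
            s.close()


if __name__ == "__main__":
    # Constructed sample of a daemon's view of one session.
    control = ("10.0.0.5", 54321)
    print("same-host data peer ok:", data_peer_allowed(control, ("10.0.0.5", 54330)))
    print("other-host data peer ok:", data_peer_allowed(control, ("192.0.2.9", 2000)))
    ports = sample_ephemeral_ports()
    print("ephemeral ports handed out:", ports)
    print("plain-increment allocator:", port_sequence_predictable(ports))
```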

