author | Chuck Lever <chuck.lever@oracle.com> | 2008-09-26 12:42:45 -0400 |
---|---|---|
committer | Steve Dickson <steved@redhat.com> | 2008-09-26 12:42:45 -0400 |
commit | 18c6c616e07ec4fcd27108d87b6f02280d9687d6 (patch) | |
tree | becebe3ddb8a3426837139f4a87b9397929f092b /utils/statd/simu.c | |
parent | 4ac04d76dc0fffe48313d6a16b4ca9b44c135818 (diff) | |
rpc.statd: eliminate --secure_statd
Clean up: Remove RESTRICTED_STATD to help make IPv6 changes simpler.
We keep the code behind RESTRICTED_STATD, and toss anything that is
compiled out when it is set.
RESTRICTED_STATD was added almost 10 years ago in response to CERT
CA-99.05, which addresses exposures in rpc.statd that might allow
an attacker to take advantage of buffer overflows in rpc.statd while it
is running in privileged mode.
These days, I can't think of a reason why anyone would want to run
rpc.statd without setting RESTRICTED_STATD. In addition, I don't
think rpc.statd is ever tested without it.
Removing RESTRICTED_STATD will get rid of some address storage and
comparison issues that will make IPv6 support simpler. Plus it will
make our test matrix smaller!
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Acked-by: Neil Brown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
Diffstat (limited to 'utils/statd/simu.c')
-rw-r--r-- | utils/statd/simu.c | 35 |
1 files changed, 13 insertions, 22 deletions
diff --git a/utils/statd/simu.c b/utils/statd/simu.c
index 82d794e..25e8bad 100644
--- a/utils/statd/simu.c
+++ b/utils/statd/simu.c
@@ -22,35 +22,26 @@ void * sm_simu_crash_1_svc (void *argp, struct svc_req *rqstp)
 {
 static char *result = NULL;
+ struct in_addr caller;
+
+ caller = svc_getcaller(rqstp->rq_xprt)->sin_addr;
+ if (caller.s_addr != htonl(INADDR_LOOPBACK)) {
+ note(N_WARNING, "Call to statd from non-local host %s",
+ inet_ntoa(caller));
+ goto failure;
+ }
+
+ if (ntohs(svc_getcaller(rqstp->rq_xprt)->sin_port) >= 1024) {
+ note(N_WARNING, "Call to statd-simu-crash from unprivileged port");
+ goto failure;
+ }
-#ifdef RESTRICTED_STATD
- struct in_addr caller;
-
- /* 1. Reject anyone not calling from 127.0.0.1.
- * Ignore the my_name specified by the caller, and
- * use "127.0.0.1" instead.
- */
- caller = svc_getcaller(rqstp->rq_xprt)->sin_addr;
- if (caller.s_addr != htonl(INADDR_LOOPBACK)) {
- note(N_WARNING,
- "Call to statd from non-local host %s",
- inet_ntoa(caller));
- goto failure;
- }
- if (ntohs(svc_getcaller(rqstp->rq_xprt)->sin_port) >= 1024) {
- note(N_WARNING,
- "Call to statd-simu-crash from unprivileged port\n");
- goto failure;
- }
-#endif
 note (N_WARNING, "*** SIMULATING CRASH! ***");
 my_svc_exit ();
 if (rtnl) nlist_kill (&rtnl);
-#ifdef RESTRICTED_STATD
 failure:
-#endif
 return ((void *)&result);
 } |
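Review bot: The two caller checks at the top of sm_simu_crash_1_svc are now the only gate on a procedure that, judging by its log text and the my_svc_exit()/nlist_kill() calls, makes statd act as if it had crashed, yet the patch drops the explanatory comment together with the #ifdef. I would put a short comment above them, e.g. `/* SM_SIMU_CRASH is honoured only from 127.0.0.1 and a reserved source port (< 1024); anything else is logged and ignored. */`. The port test is only as strong as the host's reserved-port policy, so the comment should say it is meant to limit the call to privileged local processes rather than to authenticate the caller. Both tests also go through separate `svc_getcaller(rqstp->rq_xprt)` calls and assume an AF_INET peer; fetching the `struct sockaddr_in *` once into a local would keep the address and port checks on the same object and leave a single place to change for the IPv6 work the commit message mentions.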