Make --enable-secure-statd the default.

i.e. you now need --disable-secure-statd if you want any client
other than lockd to talk to statd.

Also relax the RESTRICTED_STATD checks so that a recent kernel
with /proc/sys/fs/nfs/nsm_use_hostnames set can still talk to
statd.

Finally, restrict access to simulate_crash so that only privileged
processes on localhost can call it.  Having it accessible by the
whole world is probably not much more than a minor inconvenience,
but it really should be kept closed.

1 files changed, 24 insertions, 0 deletions

diff --git a/utils/statd/simu.c b/utils/statd/simu.c
index 9d685ad..82d794e 100644
--- a/utils/statd/simu.c
+++ b/utils/statd/simu.c
@@ -7,6 +7,7 @@
 #ifdef HAVE_CONFIG_H
 #include <config.h>
 #endif
+#include <arpa/inet.h>
 
 #include "statd.h"
 #include "notlist.h"
@@ -22,11 +23,34 @@ sm_simu_crash_1_svc (void *argp, struct svc_req *rqstp)
 {
   static char *result = NULL;
 
+#ifdef RESTRICTED_STATD
+	struct in_addr	caller;
+
+	/* 1.	Reject anyone not calling from 127.0.0.1.
+	 *	Ignore the my_name specified by the caller, and
+	 *	use "127.0.0.1" instead.
+	 */
+	caller = svc_getcaller(rqstp->rq_xprt)->sin_addr;
+	if (caller.s_addr != htonl(INADDR_LOOPBACK)) {
+		note(N_WARNING,
+			"Call to statd from non-local host %s",
+			inet_ntoa(caller));
+		goto failure;
+	}
+	if (ntohs(svc_getcaller(rqstp->rq_xprt)->sin_port) >= 1024) {
+		note(N_WARNING,
+		     "Call to statd-simu-crash from unprivileged port\n");
+		goto failure;
+	}
+#endif
   note (N_WARNING, "*** SIMULATING CRASH! ***");
   my_svc_exit ();
 
   if (rtnl)
     nlist_kill (&rtnl);
 
+#ifdef RESTRICTED_STATD
+ failure:
+#endif
   return ((void *)&result);
 }