[nas] Re: [PATCH] be stricter in the TCP connections nasd accepts
Jon Trulson
jon at radscan.com
Wed Mar 13 11:22:49 MST 2002
On Tue, 12 Mar 2002, Marco Molteni wrote:
> Date: Tue, 12 Mar 2002 12:08:54 +0100
> From: Marco Molteni <molter at tin.it>
> To: jon at radscan.com
> Subject: [PATCH] be stricter in the TCP connections nasd accepts
>
> Hi Jon,
>
> I just installed nas-1.5 on FreeBSD to use it with festival.
>
> I am a security paranoid and when I saw in the netstat output that
> nasd listens to INADDR_ANY I had a look at the code.
>
> Unless the -aa command-line option is specified, there is no need for
> nasd to listen to INADDR_ANY, it is enough to listen to 127.0.0.1.
> This is a secure way not to have unwanted connections from the outside.
>
Thanks! I think it would be better to add a new option '-local'
to specify this behavior, as it is useful to be able to have X
authenticated connections from outside hosts... I'll go ahead and do this.
> Please find enclosed a small patch that implements this suggestion.
>
>
>
> --- connection.c~ Mon Dec 11 04:36:07 2000
> +++ connection.c Mon Mar 11 19:43:17 2002
> @@ -347,7 +347,11 @@
> #endif
> insock.sin_family = AF_INET;
> insock.sin_port = htons ((unsigned short)(AudioListenPort + atoi (display)));
> - insock.sin_addr.s_addr = htonl(INADDR_ANY);
> + if (allow_any_host == TRUE) {
> + insock.sin_addr.s_addr = htonl(INADDR_ANY);
> + } else {
> + insock.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
> + }
> retry = 20;
> while (bind(request, (struct sockaddr *) &insock, sizeof (insock)))
> {
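Review bot: the else branch that assigns htonl(INADDR_LOOPBACK) makes loopback the bind address whenever allow_any_host is not set, so an installation that accepted authenticated clients from other hosts without -aa would stop being reachable from them with no message and no documented way to restore the old behaviour short of disabling access control. Consider selecting the loopback bind with its own explicit flag instead of inferring it from the absence of -aa, and put a comment above the if stating which option yields which bind address. As a style point, `if (allow_any_host == TRUE)` is safer written as `if (allow_any_host)`, since any non-zero value other than TRUE would otherwise fall through to the else branch.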
>
>
>
>
> Marco
> --
> Computers are like air conditioners.
> They stop working when you open Windows.
>
--
Jon Trulson mailto:jon at radscan.com
ID: 1A9A2B09, FP: C23F328A721264E7 B6188192EC733962
PGP keys at http://radscan.com/~jon/PGPKeys.txt
#include <std/disclaimer.h>
Bad Color Temperature, Too much Peach.