timcc@csv.viccol.edu.au (Tim Cook) (05/26/90)
We are about to connect to AARNet (The Australian Academic and Research Network), so I wanted to ensure there are as few security holes around as possible. We have _not_ been supplied new versions of ftpd or sendmail for our Sequent Symmetry since November 1988, so I have resorted to finding new versions myself.

I managed to find a newer version of ftpd, but it has problems working under DYNIX. In its initialization, it goes through the following statements:

    addrlen = sizeof (his_addr);
    if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) {
        syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
        exit(1);
    }
    addrlen = sizeof (ctrl_addr);
    if (getsockname(0, (struct sockaddr *)&ctrl_addr, &addrlen) < 0) {
        syslog(LOG_ERR, "getsockname (%s): %m",argv[0]);
        exit(1);
    }

There are other socket-type calls with `0' as first argument contained in the code, but it dies on the getpeername(2) call. Not surprising when you consider the documentation for this call.

    SYNOPSIS
         getpeername(s, name, namelen)
         int s;
         struct sockaddr *name;
         int namelen;

    DESCRIPTION
         Getpeername returns the name of the peer connected to
         socket s. The namelen parameter should be initialized to
         indicate the amount of space pointed to by name. On
         return it contains the actual size of the name returned
         (in bytes).

Now nothing is done to file descriptor 0 before these calls are attempted, so it is also unsurprising that ENOTSOCK is found in errno.

What the hell is supposed to happen here (thinking that this must be a case of changed behaviour in 4.3bsd)?

Alternatively, has anyone got ftpd source for DYNIX V3.0.12 or later that has had November 1988's bug(s) removed?

--
Sequent Symmetry -- Nice price, shame about the OS...
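
The failure described above, reproduced as an added example that is not part of the original post or of any ftpd source: getpeername() on descriptor 0 succeeds only when that descriptor is a connected socket, which is what a daemon receives when inetd starts it with the accepted connection installed as descriptor 0. The helper names peer_check and startup_check_on_stdin are hypothetical, and the pipe, socketpair and unconnected socket are constructed stand-ins for the ways a daemon can be started.

```c
/* Added example: constructed descriptors, hypothetical helper names. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>

/* The same call the daemon makes at startup; returns 0 on success, else errno. */
int peer_check(int fd)
{
    struct sockaddr_storage peer;
    socklen_t len = sizeof(peer);   /* in/out: buffer size, then name size */
    return getpeername(fd, (struct sockaddr *)&peer, &len) < 0 ? errno : 0;
}

/* Install fd as descriptor 0, then run the startup check on descriptor 0. */
int startup_check_on_stdin(int fd)
{
    int saved = dup(0);             /* -1 if descriptor 0 was already closed */
    int result;
    if (dup2(fd, 0) < 0)
        result = errno;
    else
        result = peer_check(0);
    if (saved >= 0) { dup2(saved, 0); close(saved); }   /* restore stdin */
    else close(0);
    return result;
}

int main(void)
{
    int p[2], sv[2], lone, r;
    if (pipe(p) < 0 || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return 1;
    if ((lone = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) return 1;
    r = startup_check_on_stdin(p[0]);   /* started from a shell or pipeline */
    printf("pipe on fd 0:               %s\n", r ? strerror(r) : "ok");
    r = startup_check_on_stdin(sv[0]);  /* connected socket, as inetd hands over */
    printf("connected socket on fd 0:   %s\n", r ? strerror(r) : "ok");
    r = startup_check_on_stdin(lone);   /* socket that was never connected */
    printf("unconnected socket on fd 0: %s\n", r ? strerror(r) : "ok");
    return 0;
}
```

A daemon that depends on descriptor 0 being the client connection can log which of these cases it hit before exiting, which separates a launch problem (ENOTSOCK) from a dropped connection (ENOTCONN).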