author | Paul Traina <pst@FreeBSD.org> | 1996-11-19 18:03:16 +0000 |
---|---|---|
committer | Paul Traina <pst@FreeBSD.org> | 1996-11-19 18:03:16 +0000 |
commit | 6c6cc60e3893e52350fe0cf4f6d74023326f80d1 (patch) | |
tree | 00d614db52b50f3446b31dd33c8db7c6839e3eb7 /libexec/rexecd/rexecd.c | |
parent | 3d989d58d871a2fbabf76fda46fea9780ed4ed5f (diff) | |
Do not attempt to open reverse channel until authentication phase has
succeeded.
Never allow the reverse channel to be to a privileged port.
Candidate for: 2.1 and 2.2 branches
Reviewed by: pst (with local cleanups)
Submitted by: Cy Shubert <cy@cwsys.cwent.com>
Obtained from: Jaeger <jaeger@dhp.com> via BUGTRAQ
Notes
Notes:
svn path=/head/; revision=19871
Diffstat (limited to 'libexec/rexecd/rexecd.c')
-rw-r--r-- | libexec/rexecd/rexecd.c | 38 |
1 files changed, 24 insertions, 14 deletions
diff --git a/libexec/rexecd/rexecd.c b/libexec/rexecd/rexecd.c
index 61f020aca022..29051294a22c 100644
--- a/libexec/rexecd/rexecd.c
+++ b/libexec/rexecd/rexecd.c
@@ -30,7 +30,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $Id$
+ * $Id: rexecd.c,v 1.8 1996/09/22 21:54:45 wosch Exp $
 */
 
 #ifndef lint
@@ -153,18 +153,6 @@ doit(f, fromp)
 port = port * 10 + c - '0';
 }
 (void) alarm(0);
- if (port != 0) {
- s = socket(AF_INET, SOCK_STREAM, 0);
- if (s < 0)
- exit(1);
- if (bind(s, (struct sockaddr *)&asin, sizeof (asin)) < 0)
- exit(1);
- (void) alarm(60);
- fromp->sin_port = htons(port);
- if (connect(s, (struct sockaddr *)fromp, sizeof (*fromp)) < 0)
- exit(1);
- (void) alarm(0);
- }
 getstr(user, sizeof(user), "username");
 getstr(pass, sizeof(pass), "password");
 getstr(cmdbuf, sizeof(cmdbuf), "command");
@@ -217,8 +205,30 @@ doit(f, fromp)
 error("No remote directory.\n");
 exit(1);
 }
+
+ if (port != 0) {
+ if (port < IPPORT_RESERVED) {
+ syslog(LOG_ERR, "%s CONNECTION REFUSED to %s:%d "
+ "client requested privileged port",
+ user, remote, port);
+ error("Privileged port requested for stderr info.\n");
+ exit(1);
+ }
+ s = socket(AF_INET, SOCK_STREAM, 0);
+ if (s < 0)
+ exit(1);
+ if (bind(s, (struct sockaddr *)&asin, sizeof (asin)) < 0)
+ exit(1);
+ (void) alarm(60);
+ fromp->sin_port = htons(port);
+ if (connect(s, (struct sockaddr *)fromp, sizeof (*fromp)) < 0)
+ exit(1);
+ (void) alarm(0);
+ }
+
 (void) write(2, "\0", 1);
- if (port) {
+
+ if (port != 0) {
 (void) pipe(pv);
 pid = fork();
 if (pid == -1) { |
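Review bot: In the third hunk (`@@ -217,8 +205,30 @@`), the new `port < IPPORT_RESERVED` test bounds the client-supplied port only from below, while `htons(port)` a few lines later keeps just the low 16 bits. The declaration of `port` is outside the hunk; if it is wider than 16 bits, the digit loop above (`port = port * 10 + c - '0'`) can yield a value that passes the check and still becomes a reserved destination port after truncation, so the guard would be safer as `if (port < IPPORT_RESERVED || port > 65535) {`. Separately, the `exit(1)` paths after socket(), bind() and connect() leave no log entry, unlike the refusal branch; a `syslog(LOG_ERR, ...)` call before each would make failed callbacks visible to operators. doit() begins and ends outside this hunk.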