artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: eeb276d) | patch
Limit NFS connections to originate from a reserved port.
authorclaudio <claudio@openbsd.org>
Fri, 22 Mar 2024 07:15:04 +0000 (07:15 +0000)
committerclaudio <claudio@openbsd.org>
Fri, 22 Mar 2024 07:15:04 +0000 (07:15 +0000)
commita6ac7a8b64b691f0c7164abfad8061c6f87f7e30
treea6a229bef0135e607776923bafd9b7bcff1e8343tree | snapshot
parenteeb276dfee031771095d62f976689174e966054bcommit | diff
Limit NFS connections to originate from a reserved port.

For TCP connections do the check when adding the socket via nfssvc(2).
For UDP do the check early after soreceive().
On top of this limit the sockets added via nfssvc(2) to IPv4 TCP and UDP
sockets.
OK millert@ deraadt@
sys/nfs/nfs_socket.c diff | blob | history
sys/nfs/nfs_syscalls.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim