d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
FreeBSD src
105,474 Commits 72 Branches 135 Tags 3.2 GiB
C 59.6%
C++ 25.5%
Roff 5.1%
Shell 2.9%
Assembly 2.7%
Other 3.6%
a4eb4405e3
Go to file
Yaroslav Tykhiy a4eb4405e3 Disallow a particular kind of port theft described by the following scenario: 
Alice is too lazy to write a server application in PF-independent
	manner.  Therefore she knocks up the server using PF_INET6 only
	and allows the IPv6 socket to accept mapped IPv4 as well.  An evil
	hacker known on IRC as cheshire_cat has an account in the same
	system.  He starts a process listening on the same port as used
	by Alice's server, but in PF_INET.  As a consequence, cheshire_cat
	will distract all IPv4 traffic supposed to go to Alice's server.

Such sort of port theft was initially enabled by copying the code that
implemented the RFC 2553 semantics on IPv4/6 sockets (see inet6(4)) for
the implied case of the same owner for both connections.  After this
change, the above scenario will be impossible.  In the same setting,
the user who attempts to start his server last will get EADDRINUSE.

Of course, using IPv4 mapped to IPv6 leads to security complications
in the first place, but there is no reason to make it even more unsafe.

This change doesn't apply to KAME since it affects a FreeBSD-specific
part of the code.  It doesn't modify the out-of-box behaviour of the
TCP/IP stack either as long as mapping IPv4 to IPv6 is off by default.

MFC after:	1 month
2004-07-28 13:03:07 +00:00
bin Currently if a mount point is not accessible by the calling user, 2004-07-20 18:24:47 +00:00
contrib Add missing () to function invocation. 2004-07-28 05:37:18 +00:00
crypto Regenerate. 2004-04-20 09:49:37 +00:00
etc Bmake glue for GCC 3.4.2-prerelease. 2004-07-28 05:27:21 +00:00
games The name of the landlord in Shaw's _The Man of Destiny_ is Giuseppe (not 2004-07-26 21:18:58 +00:00
gnu Add NO_WERROR here. Binutils as does not compile cleanly with GCC 3.4.x. 2004-07-28 05:39:04 +00:00
include Add __pure and __pure2 where appropriate. 2004-07-23 07:13:35 +00:00
kerberos5 Update version strings for Heimdal: 0.6 -> 0.6.1 2004-04-13 16:41:00 +00:00
lib ANSIfy and constify; this now builds with GCC 3.4. 2004-07-28 11:56:03 +00:00
libexec Fix a few cases that relied on 'implicit int' (constraint violation in C99). 2004-07-11 17:37:33 +00:00
release Correct a couple of noticed slips in sorting order 2004-07-27 10:37:04 +00:00
rescue Remove dangling raidctl reference 2004-03-16 13:42:23 +00:00
sbin Downgrade WARNS level until GCC 3.4.2 warning are fixed. 2004-07-28 06:00:09 +00:00
secure Import the openssl conf for arm. 2004-05-14 12:26:51 +00:00
share after reading the commit mail, I better understand what cnt_hold is for.. 2004-07-27 04:23:00 +00:00
sys Disallow a particular kind of port theft described by the following scenario: 2004-07-28 13:03:07 +00:00
tools After conferring with Apple legal, update the license of this to APSL 2.0 2004-07-27 20:01:43 +00:00
usr.bin Remove local malloc prototypes, which are incorrect and conflict with 2004-07-28 07:12:30 +00:00
usr.sbin Avoid casts as lvalues. 2004-07-28 07:20:04 +00:00
COPYRIGHT Update the COPYRIGHT file to include FreeBSD's compilation copyright 2003-12-31 22:35:22 +00:00
installworld_newk Commit the first set of files for changing time_t on freebsd/sparc64 2004-03-03 19:36:20 +00:00
installworld_oldk Commit the first set of files for changing time_t on freebsd/sparc64 2004-03-03 19:36:20 +00:00
MAINTAINERS s/manditory/mandatory 2004-07-17 20:22:24 +00:00
Makefile The doc team reworked the section of the handbook describing how to 2004-07-23 21:21:34 +00:00
Makefile.inc1 Bmake glue for GCC 3.4.2-prerelease. 2004-07-28 05:27:21 +00:00
README KerberosIV de-orbit burn continues. Disconnect from "make world". 2003-03-08 10:01:26 +00:00
UPDATING back out the localkg changes until things have settled. 2004-07-28 00:09:19 +00:00
UPDATING.64BTT Add a tip for people who are using database-related ports on a sparc64 2004-03-17 01:59:47 +00:00

README 

This is the top level of the FreeBSD source directory.  This file
was last revised on:
$FreeBSD$

For copyright information, please see the file COPYRIGHT in this
directory (additional copyright information also exists for some
sources in this tree - please see the specific source directories for
more information).

The Makefile in this directory supports a number of targets for
building components (or all) of the FreeBSD source tree, the most
commonly used one being ``world'', which rebuilds and installs
everything in the FreeBSD system from the source tree except the
kernel, the kernel-modules and the contents of /etc.  The
``buildkernel'' and ``installkernel'' targets build and install
the kernel and the modules (see below).  Please see the top of
the Makefile in this directory for more information on the
standard build targets and compile-time flags.

Building a kernel is a somewhat more involved process, documentation
for which can be found at:
   http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html
And in the config(8) man page.
Note: If you want to build and install the kernel with the
``buildkernel'' and ``installkernel'' targets, you might need to build
world before.  More information is available in the handbook.

The sample kernel configuration files reside in the sys/<arch>/conf
sub-directory (assuming that you've installed the kernel sources), the
file named GENERIC being the one used to build your initial installation
kernel.  The file NOTES contains entries and documentation for all possible
devices, not just those commonly used.  It is the successor of the ancient
LINT file, but in contrast to LINT, it is not buildable as a kernel but a
pure reference and documentation file.


Source Roadmap:
---------------
bin		System/user commands.

contrib		Packages contributed by 3rd parties.

crypto		Cryptography stuff (see crypto/README).

etc		Template files for /etc.

games		Amusements.

gnu		Various commands and libraries under the GNU Public License.
		Please see gnu/COPYING* for more information.

include		System include files.

kerberos5	Kerberos5 (Heimdal) package.

lib		System libraries.

libexec		System daemons.

release		Release building Makefile & associated tools.

sbin		System commands.

secure		Cryptographic libraries and commands.

share		Shared resources.

sys		Kernel sources.

tools		Utilities for regression testing and miscellaneous tasks.

usr.bin		User commands.

usr.sbin	System administration commands.


For information on synchronizing your source tree with one or more of
the FreeBSD Project's development branches, please see:

  http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/synching.html