On Thursday 2009-09-03 23:23, Pierre Chifflier wrote:

>+#include <ulogd/ulogd.h>
>+
>+/* Default size of the receive buffer for the unix socket
>+ 0 means that ulogd will use getsockopt(SO_RCVBUF) to determine it
>+ at runtime */
>+#define UNIXSOCK_BUFSIZE_DEFAULT 0
>+
>+/* Default unix socket path */
>+#define UNIXSOCK_UNIXPATH_DEFAULT "/tmp/ulogd2.sock"

That does not look like a good default path, though it might be configurable at runtime. It seems that, because sockets are world-connectable by default, random users could spam your socket. Subsequently, there also seems to be an easy DoS whereby a user process only needs to connect to block a legitimate program from sending packets to the module. Finally, but this is not so much of a problem, a user could also create ulogd2.sock first and then receive potentially interesting packets from a legitimate program that thought it would connect to ulogd2.

I would just move it out to, for example, /var/run/ulogd/ulogd2.sock so one can set restrictions on /var/run/ulogd as needed.

What are your thoughts?

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
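Review bot: UNIXSOCK_UNIXPATH_DEFAULT places the socket in /tmp, a world-writable directory, so any local user can create /tmp/ulogd2.sock before the daemon starts, or connect to it once it exists; the sticky bit on /tmp prevents neither. Default to a path inside a directory the daemon owns, for example /var/run/ulogd/ulogd2.sock, and have the plugin bind() under a restrictive umask so the socket inode is not world-writable (on Linux, connect() on a unix socket requires write permission on that inode, which is what actually limits who can connect). Refusing to unlink a pre-existing path that is not a socket owned by the daemon would close the squatting case as well.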
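The three concerns in the reply (spamming, occupying the listener, and pre-creating the path) all come down to two permission checks: who may write to the directory holding the socket, and who may write to the socket inode itself. The following C program is an added example, not code from the patch or from ulogd; the helper names (`socket_dir_is_private`, `socket_file_is_private`, `bind_private_unix_socket`, `run_demo`) are this example's own, and the scratch directory it builds under /tmp (a 0700 directory standing in for something like /var/run/ulogd, plus a 01777 subdirectory standing in for /tmp itself) is a constructed layout that the program creates and removes.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <libgen.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

#define SUN_PATH_MAX sizeof(((struct sockaddr_un *)0)->sun_path)

/* 1 if the directory that will hold the socket has no group/other write bit,
 * 0 if another user could create the path first (true of /tmp: its sticky bit
 * only stops them from removing entries), -1 on error. */
int socket_dir_is_private(const char *path)
{
    char copy[SUN_PATH_MAX];
    struct stat st;

    if (strlen(path) >= sizeof copy) { errno = ENAMETOOLONG; return -1; }
    strcpy(copy, path);
    if (stat(dirname(copy), &st) < 0) return -1;
    return S_ISDIR(st.st_mode) && !(st.st_mode & (S_IWGRP | S_IWOTH));
}

/* 1 if path is a socket we own with no group/other bits.  On Linux, connect()
 * needs write permission on the socket inode, so 0600 is what stops random
 * local users from connecting to (or hogging) the listener. */
int socket_file_is_private(const char *path)
{
    struct stat st;

    if (lstat(path, &st) < 0) return -1;
    return S_ISSOCK(st.st_mode) && st.st_uid == getuid() &&
           !(st.st_mode & (S_IRWXG | S_IRWXO));
}

/* Create a listening unix socket whose inode is private from the moment it
 * exists.  An existing path is reused only if it is a stale socket of ours;
 * anything planted by someone else fails with EEXIST instead of being unlinked.
 * Returns the listening fd, or -1 with errno set. */
int bind_private_unix_socket(const char *path, int backlog)
{
    struct sockaddr_un addr;
    struct stat st;
    mode_t old_umask;
    int fd, rc, saved;

    if (strlen(path) >= SUN_PATH_MAX) { errno = ENAMETOOLONG; return -1; }
    if (lstat(path, &st) == 0) {
        if (!S_ISSOCK(st.st_mode) || st.st_uid != getuid()) { errno = EEXIST; return -1; }
        if (unlink(path) < 0) return -1;
    } else if (errno != ENOENT) {
        return -1;
    }
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) return -1;
    memset(&addr, 0, sizeof addr);
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);

    old_umask = umask(077);        /* inode is created 0700, never 0777 */
    rc = bind(fd, (struct sockaddr *)&addr, sizeof addr);
    saved = errno;
    umask(old_umask);
    if (rc == 0 && chmod(path, S_IRUSR | S_IWUSR) == 0 && listen(fd, backlog) == 0)
        return fd;
    if (rc == 0) { saved = errno; unlink(path); }   /* chmod/listen failed */
    close(fd);
    errno = saved;
    return -1;
}

/* Walk through the concerns in a scratch directory this program builds itself
 * (constructed layout, nothing ulogd ships).  Returns 0 when every step behaves
 * as expected, otherwise the number of the step that did not. */
int run_demo(void)
{
    char dir[64], sock_path[80], pub_dir[80], pub_sock[96];
    FILE *f;
    int fd = -1, rc = 0;

    snprintf(dir, sizeof dir, "/tmp/ulogd-demo-%ld", (long)getpid());
    if (mkdir(dir, 0700) < 0) return 1;   /* daemon-owned dir, like /var/run/ulogd */
    snprintf(sock_path, sizeof sock_path, "%s/ulogd2.sock", dir);
    snprintf(pub_dir, sizeof pub_dir, "%s/pub", dir);
    snprintf(pub_sock, sizeof pub_sock, "%s/ulogd2.sock", pub_dir);

    /* 1. The private directory passes, and binding there yields a 0600 socket. */
    if (socket_dir_is_private(sock_path) != 1) { rc = 2; goto out; }
    if ((fd = bind_private_unix_socket(sock_path, 5)) < 0) { rc = 3; goto out; }
    if (socket_file_is_private(sock_path) != 1) { rc = 4; goto out; }

    /* 2. A /tmp-like directory (mode 01777) is rejected by the parent check. */
    if (mkdir(pub_dir, 0777) < 0 || chmod(pub_dir, 01777) < 0) { rc = 5; goto out; }
    if (socket_dir_is_private(pub_sock) != 0) { rc = 6; goto out; }

    /* 3. A path already taken (a plain file standing in for a socket planted
     *    by another user) is refused with EEXIST rather than unlinked. */
    if ((f = fopen(pub_sock, "w")) == NULL) { rc = 7; goto out; }
    fclose(f);
    if (bind_private_unix_socket(pub_sock, 5) != -1 || errno != EEXIST) { rc = 8; goto out; }

out:
    if (fd >= 0) close(fd);
    unlink(sock_path); unlink(pub_sock); rmdir(pub_dir); rmdir(dir);
    return rc;
}

int main(void)
{
    int rc = run_demo();
    if (rc == 0) puts("all checks behaved as expected");
    else printf("step %d failed\n", rc);
    return rc;
}
```

The directory check is the part that matters for the default path: moving the socket under a daemon-owned 0700 directory makes both the pre-creation and the connect-and-block attacks a matter of directory and inode permissions that the administrator controls, rather than of who wins the race for a name in /tmp.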