Page MenuHomeFreeBSD

Revisit blacklistd support in ftpd
ClosedPublic

Authored by lidl on Oct 28 2016, 2:40 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Mar 8, 12:47 AM
Unknown Object (File)
Fri, Mar 8, 12:46 AM
Unknown Object (File)
Fri, Mar 8, 12:46 AM
Unknown Object (File)
Fri, Mar 8, 12:33 AM
Unknown Object (File)
Fri, Mar 8, 12:14 AM
Unknown Object (File)
Thu, Mar 7, 10:11 PM
Unknown Object (File)
Feb 7 2024, 7:34 PM
Unknown Object (File)
Jan 4 2024, 12:03 AM
Subscribers

Details

Summary

Enhance blacklistd support to not log anything by default,
unless blacklistd support is enabled on the command line.
Document new flag in man page, cleanup patches to be less
intrusive in code.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 5728
Build 6026: CI src build

Event Timeline

lidl retitled this revision from to Revisit blacklistd support in ftpd.
lidl updated this object.
lidl edited the test plan for this revision. (Show Details)
lidl added a reviewer: emaste.
lidl set the repository for this revision to rS FreeBSD src repository - subversion.
cem added a reviewer: cem.
cem added a subscriber: cem.
cem added inline comments.
libexec/ftpd/ftpd.c
335

Should this be err() instead?

This revision is now accepted and ready to land.Oct 28 2016, 4:45 PM
libexec/ftpd/ftpd.c
335

I would argue 'no'.

The blacklist support is just supposed to notify the blacklist daemon, not alter the flow of execution of the augmented program.

If someone specified the -B flag in their config, but then managed to get a binary installed without blacklist support, I don't think it is appropriate to start failing just because the configuration via rc.conf or inetd.conf has gone stale.

libexec/ftpd/ftpd.c
335

The counterargument might be: The user has elected to start the daemon with a security mitigation enabled. If we can't support that, we have no business silently running without the mitigation. If we abort, the user can fix their configuration (if it is a stale configuration problem).

libexec/ftpd/blacklist.c
39

you can rely on the global being initialized to 0

40

probably no need for extra blank line

emaste edited edge metadata.

I have a slight preference for @cem's approach but am fine with it either way.

This revision was automatically updated to reflect the committed changes.