[AC_HELP_STRING([--enable-secure-statd],
[Only lockd can use statd (security)])],
test "$enableval" = "yes" && secure_statd=yes,
- secure_statd=no)
+ secure_statd=yes)
if test "$secure_statd" = yes; then
AC_DEFINE(RESTRICTED_STATD, 1, [Define this if you want to enable various security checks in statd. These checks basically keep anyone but lockd from using this service.])
fi
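Review bot: The help string still advertises `--enable-secure-statd` although the not-given branch now sets `secure_statd=yes`, so `./configure --help` no longer shows the switch a user needs in order to change the default. Something like `AC_HELP_STRING([--disable-secure-statd], [Allow callers other than lockd to use statd (default: only lockd)])` would match the new behaviour. The given branch only assigns on `yes`, so `--disable-secure-statd` leaves `secure_statd` unset rather than `no`; that works with the `test` below, but an explicit `no` would be easier to read in config.log. The AC_ARG_ENABLE call opens outside this hunk.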
notify_list *clnt;
struct in_addr my_addr;
#ifdef RESTRICTED_STATD
- struct in_addr mon_addr, caller;
+ struct in_addr caller;
#else
struct hostent *hostinfo = NULL;
#endif
goto failure;
}
+#if 0
+ This is not usable anymore. Linux-kernel can be configured to use
+ host names with NSM so that multi-homed hosts are handled properly.
+ NeilBrown 15mar2007
+
/* 3. mon_name must be an address in dotted quad.
* Again, specific to the linux kernel lockd.
*/
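Review bot: The rationale added after `#if 0` is bare prose rather than a comment, and a skipped group is still tokenised, so a later edit that puts an apostrophe or quote into that text can trigger a warning or break the build. Put it in a comment ahead of the directive, e.g. `/* Disabled: the kernel can be configured to use host names with NSM, so mon_name need not be a dotted quad. NeilBrown 15mar2007 */`. The two `#endif` lines added in the following hunk would read better tagged: `#endif /* 0 */` and, if the second one does close the RESTRICTED_STATD block opened outside the hunk, `#endif /* RESTRICTED_STATD */`. The disabled check's body runs past the end of this hunk.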
mon_name);
goto failure;
}
-#else
+#endif
+#endif
/*
* Check hostnames. If I can't look them up, I won't monitor. This
* might not be legal, but it adds a little bit of safety and sanity.
*/
/* must check for /'s in hostname! See CERT's CA-96.09 for details. */
- if (strchr(mon_name, '/')) {
- note(N_CRIT, "SM_MON request for hostname containing '/': %s",
- mon_name);
+ if (strchr(mon_name, '/') || mon_name[0] == '.') {
+ note(N_CRIT, "SM_MON request for hostname containing '/' "
+ "or starting '.': %s", mon_name);
note(N_CRIT, "POSSIBLE SPOOF/ATTACK ATTEMPT!");
goto failure;
} else if (gethostbyname(mon_name) == NULL) {
note(N_WARNING, "gethostbyname error for %s", mon_name);
goto failure;
- } else if (!(hostinfo = gethostbyname(my_name))) {
+ }
+#ifndef RESTRICTED_STATD
+ if (!(hostinfo = gethostbyname(my_name))) {
note(N_WARNING, "gethostbyname error for %s", my_name);
goto failure;
} else
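Review bot: The comment above the new condition still mentions only '/', so the added `mon_name[0] == '.'` test has no stated reason. Suggested wording: `/* Reject '/' anywhere and a leading '.' in mon_name (CERT CA-96.09); presumably the name is later used as a file name, confirm. */`. With the dotted-quad check now under `#if 0`, this appears to be the only validation of the caller-supplied mon_name in RESTRICTED_STATD builds, and the N_CRIT message echoes it unescaped. If `note()` writes to syslog, it is worth confirming that control characters in mon_name cannot split the log line. The if/else chain ends in a dangling `} else` that continues outside the hunk.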
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
+#include <arpa/inet.h>
#include "statd.h"
#include "notlist.h"
{
static char *result = NULL;
+#ifdef RESTRICTED_STATD
+ struct in_addr caller;
+
+ /* 1. Reject anyone not calling from 127.0.0.1.
+ * Ignore the my_name specified by the caller, and
+ * use "127.0.0.1" instead.
+ */
+ caller = svc_getcaller(rqstp->rq_xprt)->sin_addr;
+ if (caller.s_addr != htonl(INADDR_LOOPBACK)) {
+ note(N_WARNING,
+ "Call to statd from non-local host %s",
+ inet_ntoa(caller));
+ goto failure;
+ }
+ if (ntohs(svc_getcaller(rqstp->rq_xprt)->sin_port) >= 1024) {
+ note(N_WARNING,
+ "Call to statd-simu-crash from unprivileged port\n");
+ goto failure;
+ }
+#endif
note (N_WARNING, "*** SIMULATING CRASH! ***");
my_svc_exit ();
if (rtnl)
nlist_kill (&rtnl);
+#ifdef RESTRICTED_STATD
+ failure:
+#endif
return ((void *)&result);
}
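Review bot: The comment block in the added RESTRICTED_STATD section was copied from the monitor path; it talks about ignoring `my_name`, which nothing in the visible part of this function uses, and the privileged-port check that follows has no comment at all. Suggested replacement: `/* Accept the call only from 127.0.0.1 and only from a privileged port (< 1024); anything else is logged and ignored. */`. The second message also carries a trailing `\n` that the other `note()` calls do not, and the two messages name the service differently ("statd" vs "statd-simu-crash"). Use `"Call to statd-simu-crash from unprivileged port"` and the same prefix in the first message, so that log searches match both. `svc_getcaller(rqstp->rq_xprt)` is evaluated twice and could be held in one local. The function's signature is outside the hunk.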