Re: The dreaded "Alternatives to NFS" question

From: Nick Maclaren (nmm1_at_cus.cam.ac.uk)
Date: 08/22/04

  • Next message: Atro Tossavainen: "Re: The dreaded "Alternatives to NFS" question"
    Date: 22 Aug 2004 09:12:20 GMT
    
    

    In article <barmar-C947A5.23032321082004@comcast.dca.giganews.com>,
    Barry Margolin <barmar@alum.mit.edu> wrote:
    >In article <cg8sn4$9oo$1@usenet.cso.niu.edu>,
    > Neil W Rickert <rickert+nn@cs.niu.edu> wrote:
    >> elvis@notatla.org.uk (all mail refused) writes:
    >>
    >> >I'm not very interested in whether the client uses port 20
    >> >as it proves so little.
    >>
    >> You should be interested. It is the server that uses port 20,
    >> not the client.
    >>
    >> The client opens a socket to listen (on a random port). It sends the
    >> PORT command to the server advising it of the port to use. Anyone
    >> doing packet sniffing could find that port and connect to it. The
    >> server connects back using source port 20. The client should not
    >> accept connections from source ports other than 20, as a protection
    >> against being sent bogus data.
    >
    >But in practice I don't think most clients check this. Shouldn't the
    >client also check that the connection is coming from the FTP server
    >address, and isn't that likely to provide about the same level of
    >protection?

    Yes. Also, binding is to the LOCAL port, and not the remote one,
    and therefore there is no reason (in theory, at least) why a socket
    cannot be bound once and used for many transfers. Now, the whole
    socket area is so appallingly specified that it is possible that
    there is no way to do that and match FTP's other requirements, but
    I am pretty sure that is not so (at least on some systems). To be
    absolutely certain, I should have to write code and experiment
    with a wide variety of systems, but man page entries like the
    following make me think that I am right:

           Send, sendto, and sendmsg are used to transmit a message
           to another socket. Send may be used only when the socket
           is in a connected state, while sendto and sendmsg may be
           used at any time.

           The address of the target is given by to with tolen
           specifying its size. ...

    It is certainly possible that I might be misremembering the second
    class of FTP use, and that the implementation I describe is not a
    correct implementation of the FTP protocol. But I don't think so.

    Regards,
    Nick Maclaren.
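
The two client-side checks discussed in this thread (data connection must come from the FTP server's address, and from source port 20) are sketched below as an added example that is not part of the original posts. The function names and the `data_port` parameter are hypothetical; `data_port` exists so the check can be exercised on loopback without a privileged port.

```python
import socket

FTP_DATA_PORT = 20  # source port the server uses for active-mode data connections


def open_data_listener(local_ip="127.0.0.1"):
    """Listen on a random local port; return (socket, PORT command line)."""
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.bind((local_ip, 0))          # port 0: let the OS pick the port
    lsock.listen(5)
    ip, port = lsock.getsockname()
    # PORT h1,h2,h3,h4,p1,p2 where the port is p1*256 + p2
    args = ip.split(".") + [str(port >> 8), str(port & 0xFF)]
    return lsock, "PORT " + ",".join(args) + "\r\n"


def accept_from_server(lsock, server_ip, data_port=FTP_DATA_PORT,
                       attempts=5, timeout=5.0):
    """Accept the data connection only from (server_ip, data_port).

    server_ip should be the peer address of the control connection.
    Any other peer is closed and recorded; returns
    (connection or None, list of rejected peer addresses).
    """
    lsock.settimeout(timeout)
    rejected = []
    for _ in range(attempts):
        try:
            conn, peer = lsock.accept()
        except socket.timeout:
            break                       # nobody acceptable connected in time
        if peer == (server_ip, data_port):
            return conn, rejected       # address and source port both match
        rejected.append(peer)           # third party that learned the port
        conn.close()
    return None, rejected
```
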

