Re: The dreaded "Alternatives to NFS" question

• Previous message: all mail refused: "Re: The dreaded "Alternatives to NFS" question"
• In reply to: Barry Margolin: "Re: The dreaded "Alternatives to NFS" question"
• Next in thread: Barry Margolin: "Re: The dreaded "Alternatives to NFS" question"
• Reply: Barry Margolin: "Re: The dreaded "Alternatives to NFS" question"
• Reply: Casper H.S. Dik: "Re: The dreaded "Alternatives to NFS" question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 22 Aug 2004 09:12:20 GMT

In article <barmar-C947A5.23032321082004@comcast.dca.giganews.com>,
Barry Margolin <barmar@alum.mit.edu> wrote:
>In article <cg8sn4$9oo$1@usenet.cso.niu.edu>,
> Neil W Rickert <rickert+nn@cs.niu.edu> wrote:
>> elvis@notatla.org.uk (all mail refused) writes:
>>
>> >I'm not very interested in whether the client uses port 20
>> >as it proves so little.
>>
>> You should be interested. It is the server that uses port 20,
>> not the client.
>>
>> The client opens a socket to listen (on a random port). It sends the
>> PORT command to the server advising it of the port to use. Anyone
>> doing packet sniffing could find that port and connect to it. The
>> server connects back using source port 20. The client should not
>> accept connections from source ports other than 20, as a protection
>> against being sent bogus data.
>
>But in practice I don't think most clients check this. Shouldn't the
>client also check that the connection is coming from the FTP server
>address, and isn't that likely to provide about the same level of
>protection?

Yes. Also, binding is to the LOCAL port, and not the remote one,
and therefore there is no reason (in theory, at least) why a socket
cannot be bound once and used for many transfers. Now, the whole
socket area is so appallingly specified that it is possible that
there is no way to do that and match FTP's other requirements, but
I am pretty sure that is not so (at least on some systems). To be
absolutely certain, I should have to write code and experiment
with a wide variety of systems, but man page entries like the
following make me think that I am right:

       Send, sendto, and sendmsg are used to transmit a message
       to another socket. Send may be used only when the socket
       is in a connected state, while sendto and sendmsg may be
       used at any time.

       The address of the target is given by to with tolen speci-
       fying its size. ...

It is certainly possible that I might be misremembering the second
class of FTP use, and that the implementation I describe is not a
correct implementation of the FTP protocol. But I don't think so.

Regards,
Nick Maclaren.

• Previous message: all mail refused: "Re: The dreaded "Alternatives to NFS" question"
• In reply to: Barry Margolin: "Re: The dreaded "Alternatives to NFS" question"
• Next in thread: Barry Margolin: "Re: The dreaded "Alternatives to NFS" question"
• Reply: Barry Margolin: "Re: The dreaded "Alternatives to NFS" question"
• Reply: Casper H.S. Dik: "Re: The dreaded "Alternatives to NFS" question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]