Re: The dreaded "Alternatives to NFS" question
From: Nick Maclaren (nmm1_at_cus.cam.ac.uk)
Date: 22 Aug 2004 09:12:20 GMT
In article <barmar-C947A5.email@example.com>,
Barry Margolin <firstname.lastname@example.org> wrote:
>In article <email@example.com>,
> Neil W Rickert <firstname.lastname@example.org> wrote:
>> email@example.com (all mail refused) writes:
>> >I'm not very interested in whether the client uses port 20
>> >as it proves so little.
>> You should be interested. It is the server that uses port 20,
>> not the client.
>> The client opens a socket to listen (on a random port). It sends the
>> PORT command to the server advising it of the port to use. Anyone
>> doing packet sniffing could find that port and connect to it. The
>> server connects back using source port 20. The client should not
>> accept connections from source ports other than 20, as a protection
>> against being sent bogus data.
>But in practice I don't think most clients check this. Shouldn't the
>client also check that the connection is coming from the FTP server
>address, and isn't that likely to provide about the same level of
Yes. Also, binding is to the LOCAL port, and not the remote one,
and therefore there is no reason (in theory, at least) why a socket
cannot be bound once and used for many transfers. Now, the whole
socket area is so appallingly specified that it is possible that
there is no way to do that and match FTP's other requirements, but
I am pretty sure that is not so (at least on some systems). To be
absolutely certain, I should have to write code and experiment
with a wide variety of systems, but man page entries like the
following make me think that I am right:
Send, sendto, and sendmsg are used to transmit a message
to another socket. Send may be used only when the socket
is in a connected state, while sendto and sendmsg may be
used at any time.
The address of the target is given by to with tolen speci-
fying its size. ...
It is certainly possible that I might be misremembering the second
class of FTP use, and that the implementation I describe is not a
correct implementation of the FTP protocol. But I don't think so.