I received this piece of code in a patch that turns on the FreeBSD http
filtering. I completely missed that it calls /sbin/sysctl directly which means
I'm slipping on my auditing.
def configure_socket_options
case RUBY_PLATFORM
when /linux/
# 9 is currently TCP_DEFER_ACCEPT
$tcp_defer_accept_opts = [Socket::SOL_TCP, 9, 1]
$tcp_cork_opts = [Socket::SOL_TCP, 3, 1]
when /freebsd/
# Use the HTTP accept filter if available.
# The struct made by pack() is defined in /usr/include/sys/socket.h as
accept_filter_arg
unless `/sbin/sysctl -nq net.inet.accf.http`.empty?
$tcp_defer_accept_opts = [Socket::SOL_SOCKET,
Socket::SO_ACCEPTFILTER, ['httpready', nil].pack('a16a240')]
end
end
end
I'd like to know the following from the FreeBSD crew:
1) Are there any potential malicious potentials to this? I don't assume any
intent, but would like to know if I need to rush out a fix if there's a
hackable problem with this (even theoretical).
2) What would be the un-ghetto way to do this same check?
Thanks a bunch.
--
Zed A. Shaw, MUDCRAP-CE Master Black Belt Sifu
http://www.zedshaw.com/
http://www.awprofessional.com/title/0321483502 -- The Mongrel Book
http://mongrel.rubyforge.org/
http://www.lingr.com/room/3yXhqKbfPy8 -- Come get help.
_______________________________________________
Mongrel-users mailing list
Mongrel-users@rubyforge.org
http://rubyforge.org/mailman/listinfo/mongrel-users
