CVSROOT: /cvs
Module name: src
Changes by: r...@cvs.openbsd.org 2015/10/17 04:20:33
Modified files:
usr.sbin/snmpd : control.c
Log message:
Tighten up snmpd's control socket: do not allow users to terminate the
daemon by sending corrupted imsgs to snmpd. This is especially
important for the optional world-writeable restricted socket that is
used for AgentX. In particular, don't fatal() in the daemon when imsg
size checks on control messages fail, do stricter validation of
expected messages (even assert zero-length imsgs), don't continue and
close the control socket on suspicious input, print a debug log
message on error.
OK gilles@ "the rationale behind it is quite clear"
