ports/net/fspd 281b3 is a very old fsp daemon which is slow and has some major security issues, so nobody should run this junk anymore. You can get newer version from http://fsp.sourceforge.net/ and repackage it. Current version is autoconfed. There will be fsp281b19 shortly which has my 2-line patch for clean bsd compile. It has two major security problem: 1) root escape 2) buffer overflow when checking paths Fix: remove old junk asap from mirrors, upgrade port. Take a rest. FSP is a very usefull thing, my ISP do not counts UDP in my month quota. FSP is about 3x slower than TCP. Radim Kolar current maintainer of fsp protocol suite How-To-Repeat: You can get independant fsp protocol stacks from fsp.sf.net and write a nice exploits. FSPD can not be exploited using standard tools provided with fsp of by fspclient. I had fsp exploit before, but after Debian group update their fsp distribution, i have deleted them. I have send my exploit to packetstormsecurity and Debian security team in December, but they do not published it nor made announcement. I have no experience with dealing with security holes but i had surpriced that both groups ignored this problem. These funny path for root escape looks like /../../z/y/z. If i remmember correctly fspd rejects pathes starting with dot so ../.. do not works.
Responsible Changed From-To: freebsd-ports-bugs->trevor Over to maintainer
New fspd with fixed security hole is in ports system now. This ticket should be closed and fspd removed from vuxml.
State Changed From-To: open->closed Closed on request of originator.