Date:      Thu, 20 Sep 2001 20:05:36 +0300
From:      Ruslan Ermilov <ru@FreeBSD.org>
To:        Brian Somers <brian@freebsd-services.com>
Cc:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sys/net rtsock.c
Message-ID:  <20010920200536.C61491@sunbay.com>
In-Reply-To: <200109201353.f8KDrpR40559@hak.lan.Awfulhak.org>; from brian@freebsd-services.com on Thu, Sep 20, 2001 at 02:53:51PM +0100
References:  <ru@FreeBSD.org> <200109201353.f8KDrpR40559@hak.lan.Awfulhak.org>

Just a question before I start to break things further.  :-)

AFAIK this code is shared with OpenBSD, and in OpenBSD the
routing sockets behave like after this commit, i.e. writes
are allowed if current process has appropriate privileges.

I've checked OpenBSD's ppp/arp.c, and it uses write() not
ID0write().  Is this broken in OpenBSD then?

On Thu, Sep 20, 2001 at 02:53:51PM +0100, Brian Somers wrote:
> > ru          2001/09/20 01:25:25 PDT
> > 
> >   Modified files:
> >     sys/net              rtsock.c 
> >   Log:
> >   Use the current process's credentials rather than socket's cached.
> >   If the process drops its super-user privileges, we certainly don't
> >   want to allow it to modify routing tables.
> >   
> >   Discussed with:	rwatson
> >   
> >   Revision  Changes    Path
> >   1.58      +3 -3      src/sys/net/rtsock.c
> 
> I can't upgrade any of my current boxes at the moment, but I suspect 
> this *may* break usr.sbin/ppp/arp.c (the write() on line 136 needs to 
> change to ID0write()).
> 
> This can be tested by setting up a dialin to be assigned an IP address 
> that's part of a LAN that's connected to the server, and adding 
> ``enable proxy'' to the server config.
> 
> If you can't test it right now, could you change the write() to
> ID0write() and I'll check things when I'm in a more stable position ?


Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age
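
The behaviour change discussed in this message, as an added userland model that is not code from rtsock.c or ppp: it compares a privilege check against the credentials cached at socket creation with a check against the caller's current credentials. All names are hypothetical, and it assumes a daemon that lowers only its effective uid and raises it again around a privileged write, in the style of an ID0write() wrapper.

```c
#include <stdio.h>
#include <errno.h>

/* Userland model only; every name here is hypothetical, not kernel code. */
struct cred  { unsigned euid; };
struct proc  { struct cred cred; unsigned saved_uid; };
struct rsock { struct cred cached; };  /* credentials captured at socket() time */

enum policy { CHECK_CACHED, CHECK_CURRENT };

static struct rsock rsock_open(const struct proc *p) {
    struct rsock s;
    s.cached = p->cred;                /* snapshot of the opener's credentials */
    return s;
}

/* Returns 0 if the routing-table write is permitted, EPERM otherwise. */
static int rsock_write(const struct proc *p, const struct rsock *s, enum policy pol) {
    const struct cred *c = (pol == CHECK_CACHED) ? &s->cached : &p->cred;
    return c->euid == 0 ? 0 : EPERM;
}

/* ID0write()-style wrapper: regain euid 0 only for the write, then drop again. */
static int rsock_write_id0(struct proc *p, const struct rsock *s, enum policy pol) {
    unsigned user = p->cred.euid;
    int rc;
    if (p->saved_uid != 0)
        return EPERM;                  /* privilege was dropped permanently */
    p->cred.euid = 0;
    rc = rsock_write(p, s, pol);
    p->cred.euid = user;               /* always restore the lowered euid */
    return rc;
}

int main(void) {
    struct proc d = { {0}, 0 };        /* constructed scenario: daemon starts as root */
    struct rsock s = rsock_open(&d);
    d.cred.euid = 1001;                /* temporary drop; saved uid stays 0 */
    printf("cached check, plain write:  %d\n", rsock_write(&d, &s, CHECK_CACHED));
    printf("current check, plain write: %d\n", rsock_write(&d, &s, CHECK_CURRENT));
    printf("current check, ID0 write:   %d\n", rsock_write_id0(&d, &s, CHECK_CURRENT));
    d.saved_uid = 1001;                /* permanent drop: no way back to uid 0 */
    printf("after permanent drop:       %d\n", rsock_write_id0(&d, &s, CHECK_CURRENT));
    return 0;
}
```
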
