Date:      Thu, 20 Sep 2001 22:49:07 +0100
From:      Brian Somers <brian@freebsd-services.com>
To:        Ruslan Ermilov <ru@FreeBSD.org>
Cc:        Brian Somers <brian@freebsd-services.com>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, brian@freebsd-services.com
Subject:   Re: cvs commit: src/sys/net rtsock.c 
Message-ID:  <200109202149.f8KLn7R46222@hak.lan.Awfulhak.org>
In-Reply-To: Message from Ruslan Ermilov <ru@FreeBSD.org>  of "Thu, 20 Sep 2001 20:05:36 +0300." <20010920200536.C61491@sunbay.com> 

> Just a question before I start to break things further.  :-)
> 
> AFAIK this code is shared with OpenBSD, and in OpenBSD the
> routing sockets behave like after this commit, i.e. writes
> are allowed if current process has appropriate privileges.
> 
> I've checked OpenBSD's ppp/arp.c, and it uses write() not
> ID0write().  Is this broken in OpenBSD then?

That's entirely possible... I may not have tested it there for some 
time, but I'm pretty sure that I made the MTU update code use 
ID0write() rather than write() for exactly this reason and for 
OpenBSD's benefit.

> On Thu, Sep 20, 2001 at 02:53:51PM +0100, Brian Somers wrote:
> > > ru          2001/09/20 01:25:25 PDT
> > > 
> > >   Modified files:
> > >     sys/net              rtsock.c 
> > >   Log:
> > >   Use the current process's credentials rather than socket's cached.
> > >   If the process drops its super-user privileges, we certainly don't
> > >   want to allow it to modify routing tables.
> > >   
> > >   Discussed with:	rwatson
> > >   
> > >   Revision  Changes    Path
> > >   1.58      +3 -3      src/sys/net/rtsock.c
> > 
> > I can't upgrade any of my current boxes at the moment, but I suspect 
> > this *may* break usr.sbin/ppp/arp.c (the write() on line 136 needs to 
> > change to ID0write()).
> > 
> > This can be tested by setting up a dialin to be assigned an IP address 
> > that's part of a LAN that's connected to the server, and adding 
> > ``enable proxy'' to the server config.
> > 
> > If you can't test it right now, could you change the write() to
> > ID0write() and I'll check things when I'm in a more stable position ?
> 
> 
> Cheers,
> -- 
> Ruslan Ermilov		Oracle Developer/DBA,
> ru@sunbay.com		Sunbay Software AG,
> ru@FreeBSD.org		FreeBSD committer,
> +380.652.512.251	Simferopol, Ukraine
> 
> http://www.FreeBSD.org	The Power To Serve
> http://www.oracle.com	Enabling The Information Age

-- 
Brian <brian@freebsd-services.com>                <brian@Awfulhak.org>
      http://www.freebsd-services.com/        <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour !      <brian@[uk.]OpenBSD.org>
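
The credential check described in the quoted commit log, and why a plain write() can start failing where a privilege-bracketed one still works, as a user-space model added here (not part of the original e-mail, and not code from rtsock.c or ppp). All struct and function names are hypothetical, and the model assumes the bracketed write temporarily raises the effective uid to 0 around the call.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* User-space model; every name here is hypothetical, not kernel or ppp code. */
struct cred   { uid_t euid; };
struct proc   { struct cred cur; bool saved_root; }; /* saved_root: may regain euid 0 */
struct rtsock { struct cred cached; };               /* credential captured at open */

enum policy { CHECK_SOCKET_CRED, CHECK_PROCESS_CRED };

/* Opening the socket snapshots the opener's credential. */
static struct rtsock rt_open(const struct proc *p)
{
    struct rtsock s;
    s.cached = p->cur;
    return s;
}

/* A routing-table write needs euid 0 in whichever credential the policy checks. */
static bool rt_write(const struct proc *p, const struct rtsock *s, enum policy pol)
{
    const struct cred *c = (pol == CHECK_SOCKET_CRED) ? &s->cached : &p->cur;
    return c->euid == 0;
}

/* Assumed shape of a privilege-bracketed write: raise euid, write, drop again. */
static bool id0_rt_write(struct proc *p, const struct rtsock *s, enum policy pol)
{
    uid_t user = p->cur.euid;
    bool ok;
    if (p->saved_root)
        p->cur.euid = 0;
    ok = rt_write(p, s, pol);
    p->cur.euid = user;
    return ok;
}

int main(void)
{
    struct proc ppp = { { 0 }, true };   /* constructed: starts with euid 0 */
    struct rtsock s = rt_open(&ppp);     /* socket opened while privileged */
    ppp.cur.euid = 1001;                 /* then runs as an ordinary user */
    printf("socket cred,  write():    %d\n", rt_write(&ppp, &s, CHECK_SOCKET_CRED));
    printf("process cred, write():    %d\n", rt_write(&ppp, &s, CHECK_PROCESS_CRED));
    printf("process cred, bracketed:  %d\n", id0_rt_write(&ppp, &s, CHECK_PROCESS_CRED));
    ppp.saved_root = false;              /* privileges given up for good */
    printf("process cred, no saved 0: %d\n", id0_rt_write(&ppp, &s, CHECK_PROCESS_CRED));
    return 0;
}
```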