Date:      Thu, 20 Sep 2001 10:06:54 -0500
From:      Alfred Perlstein <bright@mu.org>
To:        Brian Somers <brian@freebsd-services.com>
Cc:        Ruslan Ermilov <ru@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sys/net rtsock.c
Message-ID:  <20010920100654.W61456@elvis.mu.org>
In-Reply-To: <200109201353.f8KDrpR40559@hak.lan.Awfulhak.org>; from brian@freebsd-services.com on Thu, Sep 20, 2001 at 02:53:51PM +0100
References:  <ru@FreeBSD.org> <200109201353.f8KDrpR40559@hak.lan.Awfulhak.org>

* Brian Somers <brian@freebsd-services.com> [010920 08:54] wrote:
> > ru          2001/09/20 01:25:25 PDT
> > 
> >   Modified files:
> >     sys/net              rtsock.c 
> >   Log:
> >   Use the current process's credentials rather than socket's cached.
> >   If the process drops its super-user privileges, we certainly don't
> >   want to allow it to modify routing tables.
> >   
> >   Discussed with:	rwatson
> >   
> >   Revision  Changes    Path
> >   1.58      +3 -3      src/sys/net/rtsock.c
> 
> I can't upgrade any of my current boxes at the moment, but I suspect 
> this *may* break usr.sbin/ppp/arp.c (the write() on line 136 needs to 
> change to ID0write()).
> 
> This can be tested by setting up a dialin to be assigned an IP address 
> that's part of a LAN that's connected to the server, and adding 
> ``enable proxy'' to the server config.
> 
> If you can't test it right now, could you change the write() to ID0write()
> and I'll check things when I'm in a more stable position?

I know this change was done in the interests of security, however
traditionally, holding and using an open descriptor that was opened
at a higher privilege level is the way UNIX has worked.  I think
this ought to be backed out.

-- 
-Alfred Perlstein [alfred@freebsd.org]
'Instead of asking why a piece of software is using "1970s technology,"
start asking why software is ignoring 30 years of accumulated wisdom.'
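
The descriptor behaviour described above, shown for an ordinary file as an added example that is not part of the thread or of FreeBSD's source: access is checked at open(2), so a held descriptor keeps working after access is revoked, whereas the commit makes the routing socket check the writer's current credentials on each write. The function name, struct and scratch path are constructed for illustration.

```c
/* Added example: permission is checked at open(2); later write(2) calls on
 * the held descriptor are not re-checked against the file's current mode. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

struct result {
    int held_write_ok;  /* 1 if write() on the already-open fd succeeded */
    int reopen_errno;   /* errno from a fresh open() after revocation, 0 if it succeeded */
};

/* Returns 0 and fills *r on success, -1 if the setup itself failed. */
int demo_check_at_open(struct result *r)
{
    char path[] = "/tmp/fdpriv.XXXXXX";  /* constructed scratch file */
    int fd = mkstemp(path);              /* created mode 0600, opened read/write */
    if (fd < 0)
        return -1;
    /* Revoke every permission bit: the analogue of losing privilege
     * after the descriptor has already been obtained. */
    if (fchmod(fd, 0) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    /* The held descriptor still works: no permission check at write time. */
    r->held_write_ok = (write(fd, "x", 1) == 1);
    /* A fresh open is checked against the current mode and is refused with
     * EACCES, unless the caller is root, who may bypass mode bits. */
    int fd2 = open(path, O_WRONLY);
    r->reopen_errno = (fd2 < 0) ? errno : 0;
    if (fd2 >= 0)
        close(fd2);
    close(fd);
    unlink(path);
    return 0;
}

int main(void)
{
    struct result r;
    if (demo_check_at_open(&r) != 0)
        return 1;
    printf("held fd write ok=%d, reopen errno=%d\n", r.held_write_ok, r.reopen_errno);
    return 0;
}
```

A check made on every operation, as in the rtsock.c change, is what forces a privilege-dropping caller such as ppp to regain privilege around the write itself.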
