Date: Fri, 16 Aug 1996 23:14:20 +0200 (MET DST)
From: J Wunsch <j@uriah.heep.sax.de>
To: cshenton@it.hq.nasa.gov (Chris Shenton)
Cc: proot@horton.iaces.com, joerg_wunsch@uriah.heep.sax.de, questions@freebsd.org, mike@newell.arlington.va.us
Subject: Re: Routed supports variable-length netmasks?
Message-ID: <199608162114.XAA07793@uriah.heep.sax.de>
In-Reply-To: <199608161908.TAA18292@wirehead.it.hq.nasa.gov> from Chris Shenton at "Aug 16, 96 03:08:36 pm"

As Chris Shenton wrote:

> with effective UID root, if ip-up is a script, FreeBSD squashes the
> root privs (that, or pppd uses getuid() rather than geteuid(), still
> looking).

I've sent a followup to the hackers list.  Basically, route is already
setuid root, so its effective UID is always 0.  This is needed in
order to open the routing socket.  To protect unprivileged people from
manipulating routes (you could also want to use it for ``route get''
only!), it checks for real UID 0.

> I guess I could use a SUID perl script or some C code but
> this seems too simple to justify that...

I'm using suidperl.  However,

	su root -c '/sbin/route add ...'

should also do the trick.  Since the script runs with effective UID 0,
it should be allowed to `su' without a password.

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
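
Added example, not part of the original message and not the source of route(8): a small C model of the check described above, where the effective UID is what opens the routing socket and the real UID decides whether a change is permitted. The names `route_op`, `parse_op` and `op_allowed` are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical model of the policy in the message; not route(8) source. */
enum route_op { OP_GET, OP_ADD, OP_DELETE };

/* Map a command word to an operation; returns 0 on success, -1 if unknown. */
int parse_op(const char *word, enum route_op *op)
{
    if (strcmp(word, "get") == 0)    { *op = OP_GET;    return 0; }
    if (strcmp(word, "add") == 0)    { *op = OP_ADD;    return 0; }
    if (strcmp(word, "delete") == 0) { *op = OP_DELETE; return 0; }
    return -1;
}

/* Returns 1 if the operation is permitted, 0 if it is refused. */
int op_allowed(enum route_op op, uid_t ruid, uid_t euid)
{
    if (euid != 0)
        return 0;         /* setuid bit missing: no routing socket at all */
    if (op == OP_GET)
        return 1;         /* read-only lookup is open to every caller */
    return ruid == 0;     /* changes need the real UID to be root too */
}

int main(int argc, char **argv)
{
    enum route_op op;
    uid_t ruid = getuid(), euid = geteuid();

    if (argc != 2 || parse_op(argv[1], &op) != 0) {
        fprintf(stderr, "usage: %s get|add|delete\n", argv[0]);
        return 2;
    }
    printf("real uid=%ld effective uid=%ld: %s %s\n",
           (long)ruid, (long)euid, argv[1],
           op_allowed(op, ruid, euid) ? "allowed" : "refused");
    return op_allowed(op, ruid, euid) ? 0 : 1;
}
```

A caller that has only an effective UID of 0 is the (nonzero, 0) case and is refused for `add`; `su` sets the real UID as well, which gives the (0, 0) case.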