From owner-freebsd-ports  Sun Jan 13 12: 9:53 2002
Delivered-To: freebsd-ports@freebsd.org
Received: from server10.safepages.com (server10.safepages.com [216.127.146.24])
	by hub.freebsd.org (Postfix) with ESMTP id 6164637B400
	for <freebsd-ports@FreeBSD.ORG>; Sun, 13 Jan 2002 12:09:47 -0800 (PST)
Received: from surfbest.net (152-pool1.ras11.vahen.tii-dial.net [206.148.72.152])
	by server10.safepages.com (Postfix) with ESMTP
	id 9402D4A23F; Sun, 13 Jan 2002 12:50:37 +0000 (GMT)
Message-ID: <3C41827D.5060908@surfbest.net>
Date: Sun, 13 Jan 2002 07:50:05 -0500
From: Ken Stailey <kstailey@surfbest.net>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.7) Gecko/20011222
X-Accept-Language: en-us
MIME-Version: 1.0
To: Ken Stailey <kstailey@surfbest.net>
Cc: Alan Eldridge <alane@geeksrus.net>, "."@babolo.ru,
	freebsd-ports@FreeBSD.ORG
Subject: Re: ports/33818: Bootable ITS image for KLH-10 PDP-10 emulator
References: <200201130013.DAA11901@aaz.links.ru> <3C40D184.1000702@surfbest.net> <20020113061333.GA74245@wwweasel.geeksrus.net> <20020113061850.GA74363@wwweasel.geeksrus.net> <3C417E40.9000504@surfbest.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ports.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-ports>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-ports>
X-Loop: FreeBSD.org

Ken Stailey wrote:

> Alan Eldridge wrote:
>
>> Another idea is to ascertain what about the network stuff needs to run
>> as root, and see if there are ways around the requirement. Or make
>> sure it drops priveleges as soon as it does whatever root magic it
>> needs to.
>>
>> Are you a programmer, Ken? Do you have experience in networking code
>> so that you could see if there's a way to make it work without running
>> as root?
>>
>> -- Alan Eldridge Pmmfmffmmfmp mmmpppppffmpmfpmpppff PmpMpmMpp ppfppp
>> MpfpffmppmppMmpFmmMpm mfpmmmmmfpmpmpppff.
>>
>>
> There's a good chance that this would work.  dpimp uses the tunnel 
> driver like ppp(1).
> I'll go see when ppp drops privs and see if dpimp is doing the same 
> sort of stuff.
>
ppp does just drop privs.  It wrappers certain system calls to make them 
run as root.
socket(2) becomes ID0socket(2) etc.  I could probably just use a cut 
down copy of
id.c from src/usr.sbin/ppp and patch dpimp to use it.

>




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message