Date: Sun, 15 Dec 2002 12:09:20 -0700 (MST)
From: "M. Warner Losh"
To: dillon@apollo.backplane.com
Cc: sam@errno.com, mux@FreeBSD.ORG, obrien@FreeBSD.ORG, current@FreeBSD.ORG
Subject: Re: ipfw userland breaks again.
Message-Id: <20021215.120920.131103264.imp@bsdimp.com>
In-Reply-To: <200212151903.gBFJ3abr081740@apollo.backplane.com>

In message: <200212151903.gBFJ3abr081740@apollo.backplane.com>
            Matthew Dillon writes:
:
: :
: :: This is complete BULLSHIT, Warner.
: :
: :Your attitude is totally unacceptable.  Learn to play well with
: :others, or get the fuck out of the project.
: :
: :I am *NOT* blocking you.  I'm telling you you need to get the SO's
: :sign off to make sure that there isn't a security issue because the
: :current defaults were set by the SO.  If you don't like that, then I
: :suggest that you get over yourself and find someplace else to play.
: :
: :Warner
:
:     This is not a security issue.  Why do you think it is?  How is
:     'ipfw unbreak' any different from 'ipfw add 2 allow all from any to any'?
:     (Other than the fact that unbreak is immune from API changes).
:
:     Have you even bothered to read the patch?

Yes, I have.  It potentially has security implications because it is
a security part of the system.  That's why I think it would be
valuable to get the SO's input on what you are doing.

I've read the patch.  It makes it possible with one ioctl to turn off
the firewall to allow you to use the system.  That needs careful
review.  In fact, it has one flaw.  You'll find on lines

	/*
	 * Disallow modifications in really-really secure mode, but still allow
	 * the logging counters to be reset.
	 */
	if (sopt->sopt_name == IP_FW_ADD ||
	    (sopt->sopt_dir == SOPT_SET && sopt->sopt_name != IP_FW_RESETLOG)) {
	#if __FreeBSD_version >= 500034
		error = securelevel_ge(sopt->sopt_td->td_ucred, 3);
		if (error)
			return (error);
	#else /* FreeBSD 4.x */
		if (securelevel >= 3)
			return (EPERM);
	#endif
	}

which you haven't changed.  This strikes me as a dangerous operation to
allow in high security mode, so there likely needs to be some changes
associated with the above lines (like an || sopt->sopt_name ==
IP_FW_UNBREAK in the above).  Otherwise, an attacker would be able to
turn off the ipfw stuff at a high security level.

I'm not trying to get in your way Matt, I'm just saying that there
needs to be a little discussion on this kludge if you aren't going to
fix the real, underlying problem, ok?

Warner
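Added example (not part of the original message and not FreeBSD code): a user-space C model of the quoted securelevel check, listing which requests it refuses at securelevel 3 with and without the extra IP_FW_UNBREAK clause suggested above. The option values, the IP_FW_UNBREAK constant and the direction it would be issued in are assumptions, since the message does not state them; both directions are shown.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-ins; the values are not the kernel's definitions. */
enum sopt_dir { SOPT_GET, SOPT_SET };
enum { IP_FW_ADD = 1, IP_FW_FLUSH, IP_FW_GET, IP_FW_RESETLOG,
       IP_FW_UNBREAK /* option proposed in the patch; value assumed */ };

/* Predicate from the quoted check: does this request modify the firewall? */
static bool modifies_as_quoted(enum sopt_dir dir, int name)
{
    return name == IP_FW_ADD ||
        (dir == SOPT_SET && name != IP_FW_RESETLOG);
}

/* Same predicate plus the clause suggested in the message. */
static bool modifies_with_unbreak(enum sopt_dir dir, int name)
{
    return modifies_as_quoted(dir, name) || name == IP_FW_UNBREAK;
}

/* Model of the handler prologue: EPERM for gated requests at securelevel >= 3
 * (the kernel's securelevel_ge() call is reduced to a plain comparison). */
int gate(bool with_unbreak, int securelevel, enum sopt_dir dir, int name)
{
    bool gated = with_unbreak ? modifies_with_unbreak(dir, name)
                              : modifies_as_quoted(dir, name);
    return (gated && securelevel >= 3) ? EPERM : 0;
}

int main(void)
{
    static const struct { const char *label; enum sopt_dir dir; int name; } reqs[] = {
        { "SET IP_FW_FLUSH",    SOPT_SET, IP_FW_FLUSH },
        { "SET IP_FW_RESETLOG", SOPT_SET, IP_FW_RESETLOG },
        { "GET IP_FW_ADD",      SOPT_GET, IP_FW_ADD },
        { "GET IP_FW_GET",      SOPT_GET, IP_FW_GET },
        { "SET IP_FW_UNBREAK",  SOPT_SET, IP_FW_UNBREAK },
        { "GET IP_FW_UNBREAK",  SOPT_GET, IP_FW_UNBREAK },
    };
    puts("request              as quoted   with extra clause  (securelevel 3)");
    for (size_t i = 0; i < sizeof(reqs) / sizeof(reqs[0]); i++)
        printf("%-20s %-11s %s\n", reqs[i].label,
            gate(false, 3, reqs[i].dir, reqs[i].name) ? "EPERM" : "allowed",
            gate(true, 3, reqs[i].dir, reqs[i].name) ? "EPERM" : "allowed");
    return 0;
}
```

In this model a new option is refused by the unmodified check only when it arrives as a SOPT_SET request; naming it explicitly, as IP_FW_ADD is named, makes the refusal independent of direction.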