From owner-cvs-all Thu Sep 20 10:06:10 2001
Delivered-To: cvs-all@freebsd.org
Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65])
	by hub.freebsd.org (Postfix) with ESMTP id D80DA37B401;
	Thu, 20 Sep 2001 10:05:58 -0700 (PDT)
Received: (from ru@localhost)
	by whale.sunbay.crimea.ua (8.11.2/8.11.2) id f8KH5a164307;
	Thu, 20 Sep 2001 20:05:36 +0300 (EEST)
	(envelope-from ru)
Date: Thu, 20 Sep 2001 20:05:36 +0300
From: Ruslan Ermilov
To: Brian Somers
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/net rtsock.c
Message-ID: <20010920200536.C61491@sunbay.com>
References: <200109201353.f8KDrpR40559@hak.lan.Awfulhak.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200109201353.f8KDrpR40559@hak.lan.Awfulhak.org>; from brian@freebsd-services.com on Thu, Sep 20, 2001 at 02:53:51PM +0100
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Just a question before I start to break things further. :-)

AFAIK this code is shared with OpenBSD, and in OpenBSD the routing sockets
behave like after this commit, i.e. writes are allowed if the current
process has appropriate privileges. I've checked OpenBSD's ppp/arp.c, and
it uses write(), not ID0write(). Is this broken in OpenBSD then?

On Thu, Sep 20, 2001 at 02:53:51PM +0100, Brian Somers wrote:
> > ru          2001/09/20 01:25:25 PDT
> >
> >   Modified files:
> >     sys/net              rtsock.c
> >   Log:
> >   Use the current process's credentials rather than socket's cached.
> >   If the process drops its super-user privileges, we certainly don't
> >   want to allow it to modify routing tables.
> >
> >   Discussed with:	rwatson
> >
> >   Revision  Changes    Path
> >   1.58      +3 -3      src/sys/net/rtsock.c
>
> I can't upgrade any of my current boxes at the moment, but I suspect
> this *may* break usr.sbin/ppp/arp.c (the write() on line 136 needs to
> change to ID0write()).
>
> This can be tested by setting up a dialin to be assigned an IP address
> that's part of a LAN that's connected to the server, and adding
> ``enable proxy'' to the server config.
>
> If you can't test it right now, could you change the write() to
> ID0write() and I'll check things when I'm in a more stable position ?

Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age
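A small user-space model of the credential check the commit changes, added here as an illustration and not code from FreeBSD, OpenBSD or this thread: `so_cred` stands for the credential cached on the routing socket when it was opened, `p_ucred` for the writing process's current credential, and `id0_route_write` mimics what ppp's ID0write() does by restoring the saved root credential around a single write. All type and function names are constructed for the model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model: field names echo kernel terms, but nothing here is kernel code. */
typedef struct { unsigned uid; } cred_t;
typedef struct { cred_t so_cred; } rtsock_t;                  /* credential cached at socket creation */
typedef struct { cred_t p_ucred; cred_t saved_root; } proc_t; /* current credential + saved root for ID0 */

static bool priv_ok(cred_t c) { return c.uid == 0; }

/* rtsock.c before rev. 1.58 (as the log describes it): consult the socket's cached credential. */
static bool route_write_cached(const rtsock_t *so, const proc_t *p) { (void)p; return priv_ok(so->so_cred); }

/* rtsock.c after rev. 1.58: consult the writing process's current credential. */
static bool route_write_current(const rtsock_t *so, const proc_t *p) { (void)so; return priv_ok(p->p_ucred); }

/* ID0write()-style wrapper: regain the saved root credential for exactly one write, then drop again. */
static bool id0_route_write(bool (*check)(const rtsock_t *, const proc_t *), const rtsock_t *so, proc_t *p) {
    cred_t dropped = p->p_ucred;
    p->p_ucred = p->saved_root;   /* ID0 raise */
    bool ok = check(so, p);
    p->p_ucred = dropped;         /* ID0 restore */
    return ok;
}

/* Scenario from the thread: open the routing socket as root, drop privileges, then write to it. */
static bool scenario(bool (*check)(const rtsock_t *, const proc_t *), bool use_id0) {
    proc_t p = { .p_ucred = { 0 }, .saved_root = { 0 } };
    rtsock_t so = { .so_cred = p.p_ucred };  /* cached at socket creation while still uid 0 */
    p.p_ucred.uid = 1000;                    /* the daemon drops its super-user privileges */
    return use_id0 ? id0_route_write(check, &so, &p) : check(&so, &p);
}

int main(void) {
    printf("cached socket cred, after drop:   %s\n", scenario(route_write_cached, false) ? "allowed" : "denied");
    printf("current proc cred, after drop:    %s\n", scenario(route_write_current, false) ? "allowed" : "denied");
    printf("current proc cred, via ID0 write: %s\n", scenario(route_write_current, true) ? "allowed" : "denied");
    return 0;
}
```

The first line shows why the cached credential was a problem (a dropped process could still edit routes), the second the post-commit behaviour that breaks an unprivileged write() in ppp, and the third why switching arp.c to ID0write() restores it.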