From owner-cvs-all  Thu Sep 20 12: 9:12 2001
Delivered-To: cvs-all@freebsd.org
Received: from elvis.mu.org (elvis.mu.org [216.33.66.196])
	by hub.freebsd.org (Postfix) with ESMTP
	id 87ED937B41D; Thu, 20 Sep 2001 12:09:05 -0700 (PDT)
Received: by elvis.mu.org (Postfix, from userid 1192)
	id 6AAFA81D01; Thu, 20 Sep 2001 14:09:05 -0500 (CDT)
Date: Thu, 20 Sep 2001 14:09:05 -0500
From: Alfred Perlstein <bright@mu.org>
To: Robert Watson <rwatson@FreeBSD.org>
Cc: Brian Somers <brian@freebsd-services.com>,
	Ruslan Ermilov <ru@FreeBSD.org>, cvs-committers@FreeBSD.org,
	cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/net rtsock.c
Message-ID: <20010920140905.Z61456@elvis.mu.org>
References: <20010920100654.W61456@elvis.mu.org> <Pine.NEB.3.96L.1010920113143.10140C-100000@fledge.watson.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.NEB.3.96L.1010920113143.10140C-100000@fledge.watson.org>; from rwatson@FreeBSD.org on Thu, Sep 20, 2001 at 11:36:52AM -0400
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

* Robert Watson <rwatson@FreeBSD.org> [010920 10:38] wrote:
> 
> On Thu, 20 Sep 2001, Alfred Perlstein wrote:
> 
> > I know this change was done in the interests of security, however
> > traditionally, holding and using an open descriptor that was opened at a
> > higher privledge level is the way UNIX has worked.  I think this ought
> > to be backed out. 
> 
> This is not true in a number of important cases, including the binding of
> low port numbers in the IP stack, in several network ioctl's (including
> interface configuration), IPSec policy configuration, PPP and other
> network pseudo-device, configration, all of which use the current process
> credential instead of the cached credential. 

Good point.  Although this causes a problem when you trust a helper
app to do the right thing when handed a filedescriptor referencing
a privledged object.

Your call, I just wanted to bring it up for consideration, I'm
too busy lately to have strong feelings about these things. :)

-- 
-Alfred Perlstein [alfred@freebsd.org]
'Instead of asking why a piece of software is using "1970s technology,"
start asking why software is ignoring 30 years of accumulated wisdom.'

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message