From owner-cvs-all Thu Sep 20 14:49:29 2001
Message-Id: <200109202149.f8KLn7R46222@hak.lan.Awfulhak.org>
To: Ruslan Ermilov
Cc: Brian Somers, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, brian@freebsd-services.com
Subject: Re: cvs commit: src/sys/net rtsock.c
In-Reply-To: Message from Ruslan Ermilov of "Thu, 20 Sep 2001 20:05:36 +0300." <20010920200536.C61491@sunbay.com>
Date: Thu, 20 Sep 2001 22:49:07 +0100
From: Brian Somers

> Just a question before I start to break things further. :-)
>
> AFAIK this code is shared with OpenBSD, and in OpenBSD the
> routing sockets behave like after this commit, i.e. writes
> are allowed if current process has appropriate privileges.
>
> I've checked OpenBSD's ppp/arp.c, and it uses write() not
> ID0write(). Is this broken in OpenBSD then?

That's entirely possible... I may not have tested it there for some
time, but I'm pretty sure that I made the MTU update code use
ID0write() rather than write() for exactly this reason and for
OpenBSD's benefit.

> On Thu, Sep 20, 2001 at 02:53:51PM +0100, Brian Somers wrote:
> > > ru 2001/09/20 01:25:25 PDT
> > >
> > > Modified files:
> > > sys/net rtsock.c
> > > Log:
> > > Use the current process's credentials rather than socket's cached.
> > > If the process drops its super-user privileges, we certainly don't
> > > want to allow it to modify routing tables.
> > >
> > > Discussed with: rwatson
> > >
> > > Revision Changes Path
> > > 1.58 +3 -3 src/sys/net/rtsock.c
> >
> > I can't upgrade any of my current boxes at the moment, but I suspect
> > this *may* break usr.sbin/ppp/arp.c (the write() on line 136 needs to
> > change to ID0write()).
> >
> > This can be tested by setting up a dialin to be assigned an IP address
> > that's part of a LAN that's connected to the server, and adding
> > ``enable proxy'' to the server config.
> >
> > If you can't test it right now, could you change the write() to ID0
> > write() and I'll check things when I'm in a more stable position ?
> >
>
> Cheers,
> --
> Ruslan Ermilov Oracle Developer/DBA,
> ru@sunbay.com Sunbay Software AG,
> ru@FreeBSD.org FreeBSD committer,
> +380.652.512.251 Simferopol, Ukraine
>
> http://www.FreeBSD.org The Power To Serve
> http://www.oracle.com Enabling The Information Age

--
Brian
http://www.freebsd-services.com/
Don't _EVER_ lose your sense of humour !
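
The privilege bracketing this thread turns on, as an added example (not code from ppp, from rtsock.c, or from either poster): once the routing socket checks the writing process's current credentials, a daemon that has dropped its effective uid must raise it for the one write and lower it again. The helper name write_as() and its parameters are hypothetical, and the sketch assumes the process is permitted to switch to the uid it raises to (for a setuid-root daemon, uid 0 held as the saved set-user-ID).

```c
#include <errno.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * write_as() is a hypothetical helper, not ppp's ID0write().
 * It switches the effective uid to `priv` for a single write() and
 * then restores `unpriv`, so a kernel that checks the caller's
 * current credentials at write time sees the raised euid only for
 * the duration of this call.
 */
ssize_t
write_as(uid_t priv, uid_t unpriv, int fd, const void *buf, size_t len)
{
	ssize_t n;
	int saved_errno;

	/* Raise: fails (EPERM) if the process may not assume `priv`. */
	if (seteuid(priv) == -1)
		return -1;

	n = write(fd, buf, len);
	saved_errno = errno;	/* keep write()'s errno across seteuid() */

	/*
	 * Drop again. If this fails the process would carry on with the
	 * raised euid, so stop rather than continue privileged.
	 */
	if (seteuid(unpriv) == -1)
		abort();

	errno = saved_errno;
	return n;
}

int
main(void)
{
	/* Constructed demo: a pipe stands in for the routing socket and the
	 * current euid for both ids; a setuid-root daemon would pass
	 * priv = 0 and unpriv = getuid(). */
	int p[2];
	uid_t me = geteuid();

	if (pipe(p) == -1)
		return 1;
	return write_as(me, me, p[1], "RTM", 3) == 3 ? 0 : 1;
}
```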