From owner-svn-src-head@FreeBSD.ORG Fri Jan 9 18:09:02 2009
From: Max Laier
Organization: FreeBSD
To: Julian Elischer
Cc: svn-src-head@freebsd.org, Adrian Chadd, src-committers@freebsd.org, svn-src-all@freebsd.org
Date: Fri, 9 Jan 2009 19:08:59 +0100
Subject: Re: svn commit: r186955 - in head/sys: conf netinet
Message-Id: <200901091909.00457.max@love2party.net>
In-Reply-To: <49678D5E.3030600@elischer.org>
References: <200901091602.n09G2Jj1061164@svn.freebsd.org> <200901091802.10287.max@love2party.net> <49678D5E.3030600@elischer.org>
User-Agent: KMail/1.10.1 (FreeBSD/8.0-CURRENT; KDE/4.1.1; i386; ; )
List-Id: SVN commit messages for the src tree for head/-current
On Friday 09 January 2009 18:46:06 Julian Elischer wrote:
> Max Laier wrote:
> > On Friday 09 January 2009 17:02:19 Adrian Chadd wrote:
> >> Author: adrian
> >> Date: Fri Jan 9 16:02:19 2009
> >> New Revision: 186955
> >> URL: http://svn.freebsd.org/changeset/base/186955
> >>
> >> Log:
> >> Implement a new IP option (not compiled/enabled by default) to allow
> >> applications to specify a non-local IP address when bind()'ing a
> >> socket to a local endpoint.
> >
> > That's a *socket* option ... you had me very worried there for a moment
> > ;) I don't quite see why you'd hide these under a build time option -
> > having the sysctl defaulting to off under CTLFLAG_SECURE seems good
> > enough - if people disagree - make it a boot time tuneable, but I
> > certainly don't see why you should have to rebuild the kernel for a minor
> > thing like this. It certainly isn't performance critical.
>
> because it can be a big security hole and you do not want people to
> have it available on the average machine.
> Also because purists complained about it.
> You'll notice that the compile option enables the sysctl,
> which is used to turn on and off the capacity to do this per socket.
> so the admin can disable it, but I felt a lot more comfortable having
> it not compiled in by default.

Speaking of disabling it ... setting the sysctl to 0 is not really enough to do that. One would also have to walk through the active sockets and GC any that are bound to nonlocal addresses to really disable it ... or do we rely on tcpdrop or the like to do that manually?

Of course it would make sense to have something like this:

start tproxy, bind forwarding ports, disable sysctl, raise securelevel

In addition, should there be a priv(9) check in ip_ctloutput?

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
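Added example (not code from the thread or from the FreeBSD tree): the "start tproxy, bind forwarding ports, disable sysctl, raise securelevel" sequence from the message above as a shell script, including the CTLFLAG_SECURE caveat that the switch can no longer be toggled once securelevel is raised. The sysctl name it toggles is an assumption, since the message does not give it, and the daemon command is passed as arguments.

```shell
#!/bin/sh
# Added example, not from the thread: the "start tproxy, bind forwarding
# ports, disable sysctl, raise securelevel" sequence as a script, keeping the
# window in which non-local bind() is possible as short as possible.
# ASSUMPTION: the kill-switch sysctl name below is not given in the message;
# replace it with the one your kernel exposes.
NONLOCAL_SYSCTL="${NONLOCAL_SYSCTL:-net.inet.ip.nonlocalok}"  # assumed name
SYSCTL="${SYSCTL:-sysctl}"   # overridable so the logic can be exercised offline
TARGET_SECURELEVEL="${TARGET_SECURELEVEL:-1}"

sysctl_get() { "$SYSCTL" -n "$1"; }            # print a sysctl's current value
sysctl_set() { "$SYSCTL" "$1=$2" >/dev/null; } # set a sysctl, quietly

# Usage: bind_window <daemon command...>
# The daemon must have bound all of its forwarding ports by the time it
# returns (i.e. it goes into the background only after bind()).
bind_window() {
    level=$(sysctl_get kern.securelevel)
    # A CTLFLAG_SECURE sysctl cannot be changed once securelevel > 0, so
    # from here on the window could never be opened (or never closed).
    if [ "$level" -gt 0 ]; then
        echo "kern.securelevel is $level; cannot toggle $NONLOCAL_SYSCTL" >&2
        return 1
    fi
    sysctl_set "$NONLOCAL_SYSCTL" 1 || return 1
    "$@"
    rc=$?
    # Close the window whether or not the daemon started. Note the point
    # made in the message: sockets already bound keep their non-local
    # binding; only new bind() calls are refused from now on.
    sysctl_set "$NONLOCAL_SYSCTL" 0
    [ "$rc" -eq 0 ] || return "$rc"
    # Lock it in: securelevel can be raised at runtime but never lowered.
    sysctl_set kern.securelevel "$TARGET_SECURELEVEL"
}
```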