From: "Adrian Chadd"
Sender: adrian.chadd@gmail.com
Date: Fri, 9 Jan 2009 13:29:11 -0500
To: "Max Laier"
In-Reply-To: <200901091909.00457.max@love2party.net>
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Julian Elischer
Subject: Re: svn commit: r186955 - in head/sys: conf netinet
References: <200901091602.n09G2Jj1061164@svn.freebsd.org> <200901091802.10287.max@love2party.net> <49678D5E.3030600@elischer.org> <200901091909.00457.max@love2party.net>

2009/1/9 Max Laier:
> Speaking of disabling it ... setting the sysctl to 0 is not really enough to
> do that. One would also have to walk through the active sockets and GC any
> that are bound to nonlocal addresses to really disable it ... or do we rely on
> tcpdrop or the like to do that manually? Of course it would make sense to
> have something like this: start tproxy, bind forwarding ports, disable
> sysctl, raise securelevel
>
> In addition, should there be a priv(9) check in ip_ctloutput?

For which priv? Surely you don't really want people running services as root? :)

gnn and I talked about this a bit on IRC, and I was waiting for rwatson to come online before posting a followup.

Linux's implementation of this stuff uses the CAP_NET_ADMIN capability to define whether a process can do this or not. So users would start Squid as root, Squid would acquire CAP_NET_ADMIN, drop root, and then use it whenever required.

Also, this is an option set on bind() on an outbound socket, not a listen() socket. You'd bind() to the client IP you're pretending to be, then connect() to the server destination. You can't raise securelevel/disable sysctl in the way you described.

Adrian
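The outbound leg Adrian describes (set the option, bind() as the client, then connect() to the real server), as an added example that is not code from the commit under discussion, from FreeBSD, or from anyone in this thread. It assumes the kernel exposes a privileged "bind to a non-local address" socket option: IP_BINDANY on FreeBSD (root) or IP_TRANSPARENT on Linux (CAP_NET_ADMIN, the model Adrian contrasts with). The helper names (make_sockaddr, enable_bindany, spoofed_connect) are this example's own.

```c
/*
 * Added example, not part of r186955 or of this thread: the outbound
 * leg of a transparent TCP proxy. The socket is bound to the CLIENT's
 * address (not configured on this host) and then connected to the real
 * server, so the server sees the client as its peer.
 *
 * Assumes a privileged "bind to any address" socket option: IP_BINDANY on
 * FreeBSD, IP_TRANSPARENT on Linux. The option is set on the outbound
 * socket before bind(); it is not a listen()-side option.
 */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#if defined(IP_BINDANY)           /* FreeBSD */
#  define BINDANY_OPT  IP_BINDANY
#  define BINDANY_NAME "IP_BINDANY"
#elif defined(IP_TRANSPARENT)     /* Linux */
#  define BINDANY_OPT  IP_TRANSPARENT
#  define BINDANY_NAME "IP_TRANSPARENT"
#else
#  define BINDANY_OPT  (-1)       /* unsupported platform: setsockopt fails */
#  define BINDANY_NAME "(no bind-any option)"
#endif

/* Fill an IPv4 sockaddr. Returns 0, or -1 with errno = EINVAL on a bad address. */
int make_sockaddr(const char *ip, uint16_t port, struct sockaddr_in *sa)
{
    memset(sa, 0, sizeof(*sa));
    sa->sin_family = AF_INET;
    sa->sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa->sin_addr) != 1) {
        errno = EINVAL;
        return -1;
    }
    return 0;
}

/* Ask the kernel to accept a bind() to an address that is not local.
 * Must be done BEFORE bind(). Needs root on FreeBSD / CAP_NET_ADMIN on
 * Linux; without that privilege the call fails with EPERM. */
int enable_bindany(int fd)
{
    int on = 1;
    if (BINDANY_OPT < 0) {
        errno = ENOPROTOOPT;
        return -1;
    }
    return setsockopt(fd, IPPROTO_IP, BINDANY_OPT, &on, sizeof(on));
}

/* bind() as the client, then connect() to the server. Returns a connected
 * socket, or -1 with errno left by the failing step:
 *   EPERM          no privilege for the bind-any option
 *   EADDRNOTAVAIL  non-local bind refused (option missing or not honoured)
 *   ECONNREFUSED / ETIMEDOUT   the server leg itself failed */
int spoofed_connect(const char *client_ip, uint16_t client_port,
                    const char *server_ip, uint16_t server_port)
{
    struct sockaddr_in client, server;
    int fd, saved;

    if (make_sockaddr(client_ip, client_port, &client) < 0 ||
        make_sockaddr(server_ip, server_port, &server) < 0)
        return -1;
    fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    if (enable_bindany(fd) < 0 ||
        bind(fd, (struct sockaddr *)&client, sizeof(client)) < 0 ||
        connect(fd, (struct sockaddr *)&server, sizeof(server)) < 0) {
        saved = errno;          /* keep the real cause across close() */
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 5) {
        fprintf(stderr, "usage: %s client_ip client_port server_ip server_port\n",
                argv[0]);
        return 2;
    }
    int fd = spoofed_connect(argv[1], (uint16_t)atoi(argv[2]),
                             argv[3], (uint16_t)atoi(argv[4]));
    if (fd < 0) {
        fprintf(stderr, "%s path failed: %s\n", BINDANY_NAME, strerror(errno));
        return 1;
    }
    printf("connected to %s:%s as %s:%s via %s\n",
           argv[3], argv[4], argv[1], argv[2], BINDANY_NAME);
    close(fd);
    return 0;
}
```

Two things a practitioner should keep in mind when running this. First, the option only makes the kernel accept the bind(); the server's replies are addressed to the client IP, so the proxy host must also divert those packets back to itself (a firewall redirect rule on the proxy), or the connect() never completes. Second, the privilege check happens at the setsockopt() call, which is why the Linux model Adrian describes (start as root, keep CAP_NET_ADMIN, drop root) works: the process needs the capability only at the moment it sets the option on each outbound socket, not for the whole of its lifetime.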