Date: Mon, 8 Oct 2001 16:35:31 -0400 (EDT)
From: Robert Watson <rwatson@freebsd.org>
To: Terry Lambert <tlambert2@mindspring.com>
Cc: hackers@freebsd.org, net@freebsd.org
Subject: Re: IPSEC code error
Message-ID: <Pine.NEB.3.96L.1011008163422.93151O-100000@fledge.watson.org>
In-Reply-To: <3BBEC607.CC098104@mindspring.com>

I haven't reviewed that particular piece of code for correctness, but
noticed that the caching of the privilege check there actually does cause
problems for a variety of reasons in my work. I'd much rather individual
uses of suser() appeared in the netinet6 tree, and that appropriate
context for the check was passed down the stack to where the knowledge of
privilege is needed, rather than just the flag. Sometime, I'll get around
to some diffs.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On Sat, 6 Oct 2001, Terry Lambert wrote:

> On a related topic, there appears to be a code error in the
> IPSEC code.
>
> Specifically, the priv flag is set to 1 if the user is root
> and the socket is non-null (this lets the code be called
> from the bridging code as well, so ignore the first half of
> the "if" test, and concentrate on the "uid == 0" test).
>
> In the code that examines this flag, the comment is that it
> is looking at whether or not the port is a privileged port,
> not whether or not the user who owns it is root.
>
> This implies that the "rootness" check improperly flags any
> ports opened by root, regardless of whether or not they are
> privileged ports.
>
> Is the code where the flag is initialized correct, or is the
> comment where the flag is observed correct?
>
> -- Terry
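
The following C model is an added illustration and is not part of either message or of the FreeBSD source. It contrasts a privilege flag computed once at the top of the stack with passing the socket context down to the point of use. All `model_*` types, the function names, the port value and the later credential change are constructed assumptions for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RESERVED_PORT_LIMIT 1024 /* ports below this are the "privileged" range */

/* Hypothetical stand-ins for kernel structures; not FreeBSD's definitions. */
struct model_cred { unsigned uid; };
struct model_sock { struct model_cred *cred; uint16_t lport; };

/* Stand-in for a suser()-style check made on the credential itself. */
static bool model_suser(const struct model_cred *cr) { return cr != NULL && cr->uid == 0; }

/* Pattern from the thread: rootness collapsed to a flag high in the stack. */
static int cache_priv_flag(const struct model_sock *so)
{
    return (so != NULL && so->cred->uid == 0) ? 1 : 0;
}

/* Consumer that only receives the flag. It is documented as a
 * "privileged port" test, but the flag carries no port information. */
static bool flag_consumer_is_priv_port(int priv) { return priv != 0; }

/* Alternative: pass the socket down and ask each question where it matters. */
static bool ctx_is_priv_port(const struct model_sock *so)
{
    return so != NULL && so->lport != 0 && so->lport < RESERVED_PORT_LIMIT;
}
static bool ctx_owner_is_priv(const struct model_sock *so) { return so != NULL && model_suser(so->cred); }

/* Constructed sample: a root-owned socket on port 8080, re-checked after
 * the owning credential changes to uid 1001. Returns a bitmask of mismatches. */
static int demo(void)
{
    struct model_cred cr = { 0 };
    struct model_sock so = { &cr, 8080 };
    int priv = cache_priv_flag(&so);          /* cached while uid == 0 */
    int result = 0;
    if (flag_consumer_is_priv_port(priv) && !ctx_is_priv_port(&so))
        result |= 1;                          /* flag mislabels port 8080 */
    cr.uid = 1001;                            /* credential changes later */
    if (priv && !ctx_owner_is_priv(&so))
        result |= 2;                          /* cached flag is now stale */
    return result;
}

int main(void) { printf("demo() = %d\n", demo()); return 0; }
```

Bit 1 marks the ambiguity raised in the quoted question (a root-owned socket on a non-reserved port reads as "privileged"); bit 2 marks a cached answer that no longer matches the credential.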