Date: Fri, 21 Sep 2001 19:15:10 +0300 From: Ruslan Ermilov <ru@FreeBSD.org> To: Brian Somers <brian@freebsd-services.com> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/net rtsock.c Message-ID: <20010921191510.B87085@sunbay.com> In-Reply-To: <200109202149.f8KLn7R46222@hak.lan.Awfulhak.org>; from brian@freebsd-services.com on Thu, Sep 20, 2001 at 10:49:07PM %2B0100 References: <ru@FreeBSD.org> <200109202149.f8KLn7R46222@hak.lan.Awfulhak.org>
next in thread | previous in thread | raw e-mail | index | archive | help
OK, I have committed the ID0write fix. On Thu, Sep 20, 2001 at 10:49:07PM +0100, Brian Somers wrote: > > Just a question before I start to break things further. :-) > > > > AFAIK this code is shared with OpenBSD, and in OpenBSD the > > routing sockets behave like after this commit, i.e. writes > > are allowed if current process has appropriate privileges. > > > > I've checked OpenBSD's ppp/arp.c, and it uses write() not > > ID0write(). Is this broken in OpenBSD then? > > That's entirely possible... I may not have tested it there for some > time, but I'm pretty sure that I made the MTU update code use > ID0write() rather than write() for exactly this reason and for > OpenBSD's benefit. > > > On Thu, Sep 20, 2001 at 02:53:51PM +0100, Brian Somers wrote: > > > > ru 2001/09/20 01:25:25 PDT > > > > > > > > Modified files: > > > > sys/net rtsock.c > > > > Log: > > > > Use the current process's credentials rather than socket's cached. > > > > If the process drops its super-user privileges, we certainly don't > > > > want to allow it to modify routing tables. > > > > > > > > Discussed with: rwatson > > > > > > > > Revision Changes Path > > > > 1.58 +3 -3 src/sys/net/rtsock.c > > > > > > I can't upgrade any of my current boxes at the moment, but I suspect > > > this *may* break usr.sbin/ppp/arp.c (the write() on line 136 needs to > > > change to ID0write()). > > > > > > This can be tested by setting up a dialin to be assigned an IP address > > > that's part of a LAN that's connected to the server, and adding > > > ``enable proxy'' to the server config. > > > > > > If you can't test it right now, could you change the write() to ID0 > > > write() and I'll check things when I'm in a more stable position ? -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010921191510.B87085>