Date: Tue, 09 Oct 2001 15:26:36 +0900
From: itojun@iijlab.net
To: Shoichi Sakane <sakane@kame.net>
Cc: hackers@freebsd.org, net@freebsd.org
Subject: Re: kame ipsec policy
Message-ID: <3958.1002608796@itojun.org>
In-Reply-To: sakane's message of Tue, 09 Oct 2001 15:21:30 +0900. <20011009152130C.sakane@kame.net>

>> On a related topic, there appears to be a code error in the
>> IPSEC code.
>>
>> Specifically, the priv flag is set to 1 if the user is root
>> and the socket is non-null (this lets the code be called
>> from the bridging code as well, so ignore the first half of
>> the "if" test, and concentrate on the "uid == 0" test).
>>
>> In the code that examines this flag, the comment is that it
>> is looking at whether or not the port is a privileged port,
>> not whether or not the user who owns it is root.
>>
>> This implies that the "rootness" check improperly flags any
>> ports opened by root, regardless of whether or not they are
>> privileged ports.

no, i guess you got something wrong. "uid == 0" check is used in ipsec
code to control the behavior of policy lookups. it has nothing to do
with "privileged port" (port number < 1024).

if you need more discussions you'd need to specify the line numbers
for the code you are worrying about.

itojun