From: JINMEI Tatuya
To: Juan Francisco Rodriguez Hervella
Cc: freebsd-net@FreeBSD.ORG, snap-user@kame.net
Subject: Re: Sysctl and root privileges, how could I avoid them ?
Date: Sun, 01 Dec 2002 13:10:35 +0900

>>>>> On Fri, 29 Nov 2002 18:17:57 +0100,
>>>>> Juan Francisco Rodriguez Hervella said:

> I'm implementing a modification in the
> file "getaddrinfo.c", which calls a sysctlbyname
> function, but the problem is that
> this sysctlbyname function call requires "root" privileges.
> But I can not expect all the programs linked to
> libinet6 (where getaddrinfo is used) to be executed as root !

Perhaps your code tries the write operation of sysctl, in which case
the super user privilege is required by default. If your goal can be
achieved without a write operation, the easiest way would be to just
avoid the write.

If you really need a write operation for every user, you may probably
have to reconsider the library design. Since sysctl tends to affect
fundamental behavior of the kernel, the required privilege is basically
reasonable and should not be overridden as an easy compromise.

					JINMEI, Tatuya
					Communication Platform Lab.
					Corporate R&D Center, Toshiba Corp.
					jinmei@isl.rdc.toshiba.co.jp
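
The read/write distinction described in the reply above, as an added example that is not part of the original message or of the poster's getaddrinfo.c change. The node name "net.inet6.example_pref" and the helper names are hypothetical; on platforms without sysctlbyname(3) the helpers fail with ENOSYS.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#if defined(__FreeBSD__) || defined(__DragonFly__) || defined(__APPLE__)
#include <sys/sysctl.h>
#define HAVE_SYSCTLBYNAME 1
#endif

/* Pure read: newp is NULL and newlen is 0, so nothing is written. */
int sysctl_get_int(const char *name, int *out)
{
#ifdef HAVE_SYSCTLBYNAME
    int val = 0;
    size_t len = sizeof(val);
    if (sysctlbyname(name, &val, &len, NULL, 0) == -1)
        return -1;                 /* errno set by the kernel, e.g. ENOENT */
    if (len != sizeof(val)) { errno = EINVAL; return -1; }
    *out = val;
    return 0;
#else
    (void)name; (void)out; errno = ENOSYS;  /* no sysctlbyname(3) here */
    return -1;
#endif
}

/* Write: passes newp; per the reply above this needs super-user
 * privilege by default, so unprivileged callers should expect failure. */
int sysctl_set_int(const char *name, int value)
{
#ifdef HAVE_SYSCTLBYNAME
    return sysctlbyname(name, NULL, NULL, &value, sizeof(value));
#else
    (void)name; (void)value; errno = ENOSYS;
    return -1;
#endif
}

/* Library-side policy: read the knob, fall back on any error, never write. */
int lib_pref(const char *name, int fallback)
{
    int v;
    return sysctl_get_int(name, &v) == 0 ? v : fallback;
}

int main(void)
{
    /* "net.inet6.example_pref" is a hypothetical node name. */
    printf("pref=%d\n", lib_pref("net.inet6.example_pref", 0));
    return 0;
}
```

Library code that only calls `lib_pref()` runs unchanged for every user; setting the value stays an administrator action done outside the library.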