From owner-freebsd-net  Sat Nov 30 20:10:43 2002
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id F06AD37B401
	for <freebsd-net@FreeBSD.ORG>; Sat, 30 Nov 2002 20:10:41 -0800 (PST)
Received: from shuttle.wide.toshiba.co.jp (shuttle.wide.toshiba.co.jp [202.249.10.124])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C962743ECF
	for <freebsd-net@FreeBSD.ORG>; Sat, 30 Nov 2002 20:10:40 -0800 (PST)
	(envelope-from jinmei@isl.rdc.toshiba.co.jp)
Received: from localhost ([3ffe:501:4819:2000:925:bef9:8ff8:bfad])
	by shuttle.wide.toshiba.co.jp (8.11.6/8.9.1) with ESMTP id gB14ASR17569;
	Sun, 1 Dec 2002 13:10:29 +0900 (JST)
Date: Sun, 01 Dec 2002 13:10:35 +0900
Message-ID: <y7vfztijs5g.wl@ocean.jinmei.org>
From: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?= <jinmei@isl.rdc.toshiba.co.jp>
To: Juan Francisco Rodriguez Hervella <jrh@it.uc3m.es>
Cc: freebsd-net@FreeBSD.ORG, snap-user@kame.net
Subject: Re: Sysctl and root privileges, how could I avoid them ?
In-Reply-To: <3DE7A145.18986834@it.uc3m.es>
References: <3DE7A145.18986834@it.uc3m.es>
User-Agent: Wanderlust/2.6.1 (Upside Down) Emacs/21.2 Mule/5.0 (SAKAKI)
Organization: Research & Development Center, Toshiba Corp., Kawasaki, Japan.
MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya")
Content-Type: text/plain; charset=US-ASCII
X-Dispatcher: imput version 20000228(IM140)
Lines: 24
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

>>>>> On Fri, 29 Nov 2002 18:17:57 +0100, 
>>>>> Juan Francisco Rodriguez Hervella <jrh@it.uc3m.es> said:

> I'm implementing a modification in the
> file "getaddrinfo.c", which calls a sysctlbyname
> function, but the problem is that
> this sysctlbyname function call requires "root" privileges.

> But I can not expect all the programs linked to
> libinet6 (where getaddrinfo is used) to be executed as root !

Perhaps your code tries the write operation of sysctl, in which case
the super user privilege is required by default.  If your goal can be
achieved without a write operation, the easiest way would be to just
avoid the write.  If you really need a write operation for every user,
you may probably have to reconsider the library design.  Since sysctl
tends to affect fundamental behavior of kernel, the required privilege
is basically reasonable and should not be overridden as an easy
compromise.

					JINMEI, Tatuya
					Communication Platform Lab.
					Corporate R&D Center, Toshiba Corp.
					jinmei@isl.rdc.toshiba.co.jp

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message