Date:      Tue, 22 Dec 1998 12:21:14 -0500 (EST)
From:      Robert Watson <robert@cyrus.watson.org>
To:        Eivind Eklund <eivind@yes.no>
Cc:        Dag-Erling Smorgrav <des@flood.ping.uio.no>, Matt Dillon <dillon@FreeBSD.ORG>, security@FreeBSD.ORG
Subject:   Re: cvs commit: src/etc rc.conf
Message-ID:  <Pine.BSF.3.96.981222121642.15464D-100000@fledge.watson.org>
In-Reply-To: <19981221163532.G14124@follo.net>

On Mon, 21 Dec 1998, Eivind Eklund wrote:

> On Mon, Dec 21, 1998 at 04:25:08PM +0100, Dag-Erling Smorgrav wrote:
> > Eivind Eklund <eivind@yes.no> writes:
> > > ... unless you do a series of small modifications.  It is not as if
> > > rescanning the interfaces is a _large_ task, or one that couldn't be
> > > done by a forked out half of named
> > 
> > Umm, the problem isn't scanning interfaces, the problem is binding to
> > them, which needs to be done by the parent, so you can't delegate
> > interface rescanning to a child process. Or rather, you can, but it
> > won't matter since at some point the child will need to communicate
> > its results to the parent which will then attempt to bind to port 53
> > on interfaces it's not yet bound to, for which it needs privs.
> 
> You don't need to have the parent bind the interface.  You use the
> capability transfer support in BSD - you pass an fd over a local
> socket, using SCM_RIGHTS.
> 
> This is described in the Stevens book, which is presently occupying
> the space between your monitor and lamp (on the right side of the
> monitor).  The implementation of this mechanism is in
> sys/kern/uipc_socket.c, sys/kern/uipc_syscalls.c, and
> sys/kern/uipc_usrreq.c.

The BSD book describes a bug in the mark and sweep garbage collection
algorithm that can result in file descriptor hijacking or kernel memory
nasties.  Does anyone know if this was ever fixed?  (It is discussed in
the 4.4BSD book in a footnote on the page that discusses SCM_RIGHTS)  I
glanced through the code for a while this summer while I was modifying the
SCM_ ancillary data passing code to be hookable by an LKM.  My goal was to
allow other things to be transferred, and assuming they don't have the
same tunneling property as file descriptors that require the
mark-and-sweep, it works fine.  I don't attempt to deal with the
mark-and-sweep case in my generalized form.  I submitted patches a while
back, but I haven't had the time to fix the formatting to BDE so needless
to say they aren't there yet.  Essentially I provide a series of
registration functions in the style of at_fork(), except at_unp_gc(), etc.  

I used the code to allow the passing of privileges from process to process
on demand.

  Robert N Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73  25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
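The descriptor-passing mechanism the thread argues about, as an added example that is not code from the thread, from named, or from the BSD kernel: the "forked out half" binds the listener and hands the descriptor to the other process over a Unix-domain socket with SCM_RIGHTS, so the receiver never has to hold the privilege that bind() needed. The helper names (send_fd, recv_fd, bind_listener, demo_pass_listener) are made up for this example, and it binds port 0 on 127.0.0.1 so it runs unprivileged; a real daemon would bind port 53 in the privileged half. The receiver checks MSG_CTRUNC and the cmsg level/type before trusting the descriptor, and then proves the passed descriptor is the same open socket by reading its bound port with getsockname() and accepting a loopback connection on it. Note that the child exits right after sendmsg(): the in-flight descriptor keeps the socket alive until the parent picks it up, which is exactly the in-transit case the unp_gc() mark-and-sweep exists to handle.

```c
/* Added example, not from the thread: pass a bound listening socket
 * between processes with SCM_RIGHTS. Helper names are hypothetical. */
#define _DEFAULT_SOURCE
#define _POSIX_C_SOURCE 200809L
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Send one descriptor over a connected AF_UNIX socket. SCM_RIGHTS rides
 * as ancillary data on an ordinary message, so one data byte is sent too. */
static int send_fd(int chan, int fd)
{
    char byte = 'F';
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct msghdr msg;

    memset(&u, 0, sizeof u);
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof u.buf;

    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd, sizeof(int));

    return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor; returns the new fd in this process, or -1.
 * Rejects truncated control data and anything that is not SCM_RIGHTS. */
static int recv_fd(int chan)
{
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct msghdr msg;

    memset(&u, 0, sizeof u);
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof u.buf;

    if (recvmsg(chan, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC))
        return -1;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    if (cm == NULL || cm->cmsg_level != SOL_SOCKET ||
        cm->cmsg_type != SCM_RIGHTS || cm->cmsg_len < CMSG_LEN(sizeof(int)))
        return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    return fd;
}

/* "Privileged" half: bind a TCP listener on loopback and return it.
 * Port 0 lets the kernel pick a free port so the example needs no root. */
static int bind_listener(uint16_t port)
{
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0) return -1;
    int one = 1;
    setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(s, (struct sockaddr *)&sin, sizeof sin) < 0 || listen(s, 1) < 0) {
        close(s);
        return -1;
    }
    return s;
}

/* Child binds and sends the listener, parent receives it, reads its bound
 * port with getsockname() and accepts one loopback connection on it.
 * Returns that port (> 0) on success, -1 on any failure. */
int demo_pass_listener(void)
{
    int chan[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, chan) < 0) return -1;

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                       /* child: bind, pass, exit */
        close(chan[0]);
        int l = bind_listener(0);
        _exit((l >= 0 && send_fd(chan[1], l) == 0) ? 0 : 1);
    }
    close(chan[1]);
    int l = recv_fd(chan[0]);             /* in-flight fd survives child exit */
    close(chan[0]);
    int status;
    waitpid(pid, &status, 0);
    if (l < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;

    struct sockaddr_in sin;
    socklen_t len = sizeof sin;
    if (getsockname(l, (struct sockaddr *)&sin, &len) < 0) { close(l); return -1; }
    int port = ntohs(sin.sin_port);

    int c = socket(AF_INET, SOCK_STREAM, 0), a = -1;
    if (c >= 0 && connect(c, (struct sockaddr *)&sin, len) == 0)
        a = accept(l, NULL, NULL);        /* works only if l is the bound socket */
    if (c >= 0) close(c);
    if (a >= 0) close(a);
    close(l);
    return a >= 0 ? port : -1;
}

int main(void)
{
    int port = demo_pass_listener();
    if (port < 0) { perror("demo_pass_listener"); return 1; }
    printf("received listener bound to 127.0.0.1:%d and accepted on it\n", port);
    return 0;
}
```

The receiver side is the part to get right in a privilege-separated daemon: it must treat the descriptor as untrusted input (check the cmsg type, MSG_CTRUNC, and with fstat() that it really is a socket) before using it, because whatever the sender chose to pass arrives with the receiver's full ability to use it.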



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.981222121642.15464D-100000>