From owner-freebsd-net Thu Aug 30 8:34: 9 2001 Delivered-To: freebsd-net@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 52C2B37B403; Thu, 30 Aug 2001 08:34:04 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.11.4/8.11.4) id f7UFXYT64952; Thu, 30 Aug 2001 11:33:34 -0400 (EDT) (envelope-from wollman) Date: Thu, 30 Aug 2001 11:33:34 -0400 (EDT) From: Garrett Wollman Message-Id: <200108301533.f7UFXYT64952@khavrinen.lcs.mit.edu> To: Ruslan Ermilov Cc: net@FreeBSD.ORG, security@FreeBSD.ORG Subject: Proposed change to route(4) sockets to make them available to non-superuser In-Reply-To: <20010830145840.A1554@sunbay.com> References: <20010830145840.A1554@sunbay.com> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org < said: > raw_uattach(struct socket *so, int proto, struct proc *p) > { > struct rawcb *rp = sotorawcb(so); > - int error; > if (rp == 0) > return EINVAL; > - if (p && (error = suser(p)) != 0) > - return error; > return raw_attach(so, proto); > } This allows *anyone* to open any raw socket. This change should not be made; use a specialized route_uattach instead. > + if (rtm->rtm_type != RTM_GET && suser(curproc) != 0) Ick. I worked hard several years ago to get rid of all references to `curproc' in the network stack; I'm none too pleased to see them coming back. Since we already save the credentials of the process which opened the socket, we should do the access-control on the basis of those credentials, not on the basis of the process that happens to be running. (Consider, for example, a daemon which opens its sockets and then changes credentials for safety.) -GAWollman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message