Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 30 Aug 2001 14:20:16 -0400 (EDT)
From:      Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To:        Ruslan Ermilov <ru@FreeBSD.ORG>
Cc:        net@FreeBSD.ORG, security@FreeBSD.ORG
Subject:   Re: Proposed change to route(4) sockets to make them available to non-superuser
Message-ID:  <200108301820.f7UIKGZ66585@khavrinen.lcs.mit.edu>
In-Reply-To: <20010830204132.A47482@sunbay.com>
References:  <20010830145840.A1554@sunbay.com> <200108301533.f7UFXYT64952@khavrinen.lcs.mit.edu> <20010830204132.A47482@sunbay.com>

next in thread | previous in thread | raw e-mail | index | archive | help
<<On Thu, 30 Aug 2001 20:41:32 +0300, Ruslan Ermilov <ru@FreeBSD.ORG> said:

> +	if (rtm->rtm_type != RTM_GET && so->so_cred->cr_uid != 0)
> +		senderr(EACCES);

I'm certain rwatson would object to this.  suser_xxx() allows checking
on the basis of credentials rather than a process, so that's what
should be used.  In any case, the correct error is EPERM, not EACCES.

-GAWollman


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200108301820.f7UIKGZ66585>