Date: Thu, 30 Aug 2001 14:20:16 -0400 (EDT)
From: Garrett Wollman
To: Ruslan Ermilov
Cc: net@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: Proposed change to route(4) sockets to make them available to non-superuser

< said:

> + if (rtm->rtm_type != RTM_GET && so->so_cred->cr_uid != 0)
> + senderr(EACCES);

I'm certain rwatson would object to this. suser_xxx() allows checking on the basis of credentials rather than a process, so that's what should be used. In any case, the correct error is EPERM, not EACCES.

-GAWollman
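
Review bot: The comparison so->so_cred->cr_uid != 0 in the added condition open-codes the superuser test, so any policy the kernel's central privilege check applies beyond the uid is skipped here and has to be kept in sync by hand. Passing so->so_cred to the credential-based privilege routine (the suser_xxx() mentioned in the reply) would keep that decision in one place. Separately, so_cred is the credential recorded when the socket was created, so a routing socket opened with uid 0 and still held after the process drops privileges continues to pass this test for every message type; if that is intended, a comment above the check should say so. The value passed to senderr() reports a privilege failure, for which EPERM is the conventional errno rather than EACCES.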