From: Terry Lambert
Message-Id: <199803031936.MAA02971@usr02.primenet.com>
Subject: Re: Patches in support of security
To: wollman@khavrinen.lcs.mit.edu (Garrett Wollman)
Date: Tue, 3 Mar 1998 19:36:31 +0000 (GMT)
Cc: winter@jurai.net, tlambert@primenet.com, current@FreeBSD.ORG
In-Reply-To: <199803031815.NAA24284@khavrinen.lcs.mit.edu> from "Garrett Wollman" at Mar 3, 98 01:15:25 pm

> > This looks useful. (or at least is a useful first step) While some
> > policies may be enforced with creative firewall rules, these patches
> > provide a clean interface at the application level.
>
> This seems potentially acceptable. A couple of nits:
>
> 1) The socket option in question is clearly also applicable to UDP
> sockets (and those of any other IP-based protocol). It should be an
> IP-level option, not a TCP-level one.

The interface will come back untrusted if there is not a route for it available. I was trying to limit it to connected sockets.
You could do connected sockets in a UDP client, but interface trust is much less useful for clients than it is for servers. I would even argue it's only useful for servers.

I suppose if it were bound to a particular interface instead of INADDR_ANY, a UDP server would be able to make the decision, but it could do so by grabbing the interface flags directly.

I can add this code, if you want, but I didn't see it as being useful in a datagram environment.

> 2) Read style(9).

This is moderately bogus, if you are complaining about parenthesis placement in the (trivial) tcp_trusted function, since it's a new function. Also, read indent(1).

If you are complaining about the lack of prototypes in the declaration, style(9) explicitly allows for matching the declaration style of the compilation unit. 8-(.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present or previous employers.