From owner-freebsd-questions Fri Aug 16 14:21:59 1996
Return-Path: owner-questions
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id OAA19018 for questions-outgoing; Fri, 16 Aug 1996 14:21:59 -0700 (PDT)
Received: from irz301.inf.tu-dresden.de (irz301.inf.tu-dresden.de [141.76.1.11]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id OAA18991 for ; Fri, 16 Aug 1996 14:21:51 -0700 (PDT)
Received: from sax.sax.de (sax.sax.de [193.175.26.33]) by irz301.inf.tu-dresden.de (8.6.12/8.6.12-s1) with ESMTP id XAA25991; Fri, 16 Aug 1996 23:21:40 +0200
Received: (from uucp@localhost) by sax.sax.de (8.6.12/8.6.12-s1) with UUCP id XAA27631; Fri, 16 Aug 1996 23:21:35 +0200
Received: (from j@localhost) by uriah.heep.sax.de (8.7.5/8.6.9) id XAA07793; Fri, 16 Aug 1996 23:14:20 +0200 (MET DST)
From: J Wunsch
Message-Id: <199608162114.XAA07793@uriah.heep.sax.de>
Subject: Re: Routed supports variable-length netmasks?
To: cshenton@it.hq.nasa.gov (Chris Shenton)
Date: Fri, 16 Aug 1996 23:14:20 +0200 (MET DST)
Cc: proot@horton.iaces.com, joerg_wunsch@uriah.heep.sax.de, questions@freebsd.org, mike@newell.arlington.va.us
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
In-Reply-To: <199608161908.TAA18292@wirehead.it.hq.nasa.gov> from Chris Shenton at "Aug 16, 96 03:08:36 pm"
X-Phone: +49-351-2012 669
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E
X-Mailer: ELM [version 2.4ME+ PL17 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

As Chris Shenton wrote:

> with effective UID root, if ip-up is a script, FreeBSD squashes the
> root privs (that, or pppd uses getuid() rather than geteuid(), still
> looking).

I've sent a followup to the hackers list. Basically, route is already
setuid root, so its effective UID is always 0. This is needed in order
to open the routing socket. To protect unprivileged people from
manipulating routes (you could also want to use it for ``route get''
only!), it checks for real UID 0.

> I guess I could use a SUID perl script or some C code but
> this seems too simple to justify that...

I'm using suidperl. However,

	su root -c '/sbin/route add ...'

should also do the trick. Since the script runs with effective UID 0,
it should be allowed to `su' without a password.

-- 
cheers, J"org               joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
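An added illustration of the real-versus-effective UID distinction the reply turns on (constructed example, not the route(8) source and not code from anyone in the thread): a setuid-root tool sees `geteuid() == 0` for every caller, so a policy that wants to keep unprivileged users from changing state must look at `getuid()` instead, while still allowing read-only queries. The `route_op` names and `route_permitted()` are hypothetical; the `promote_real_uid()` helper shows the step a wrapper such as suidperl performs so that a child `/sbin/route` sees real UID 0.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Hypothetical operation classes, mirroring "route get" vs "route add". */
enum route_op { ROUTE_GET, ROUTE_ADD, ROUTE_DELETE };

/* Policy as described in the mail: the effective UID must be 0 to open the
 * routing socket at all; lookups are open to everyone; modifications are
 * granted only when the caller's *real* UID is 0.  Returns 1 if allowed. */
int route_permitted(enum route_op op, uid_t ruid, uid_t euid)
{
    if (euid != 0)
        return 0;               /* no routing socket without euid 0 */
    if (op == ROUTE_GET)
        return 1;               /* read-only query: anybody may ask */
    return ruid == 0;           /* add/delete: real root only */
}

/* Classify the calling process, e.g. a script started from pppd's ip-up
 * inherits euid 0 but keeps the real UID of whoever launched pppd. */
const char *describe_caller(uid_t ruid, uid_t euid)
{
    if (ruid == 0 && euid == 0) return "real root";
    if (euid == 0)              return "setuid root, unprivileged real uid";
    return "unprivileged";
}

/* What a setuid wrapper does before exec'ing a tool that checks getuid():
 * if we are effectively root, make the real UID 0 as well so the child
 * passes a real-UID check.  Returns 0 on success, -1 on failure. */
int promote_real_uid(void)
{
    if (geteuid() != 0)
        return -1;              /* nothing to promote with */
    return setuid(0);           /* sets real, effective and saved UID */
}

int main(void)
{
    uid_t ruid = getuid(), euid = geteuid();
    printf("ruid=%u euid=%u: %s\n", (unsigned)ruid, (unsigned)euid,
           describe_caller(ruid, euid));
    printf("route get allowed: %d\n", route_permitted(ROUTE_GET, ruid, euid));
    printf("route add allowed: %d\n", route_permitted(ROUTE_ADD, ruid, euid));
    return 0;
}
```

Run it once as an ordinary user and once under a setuid-root copy to see `euid` become 0 while `ruid` stays unchanged.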