Message-ID: <3BBEC607.CC098104@mindspring.com>
Date: Sat, 06 Oct 2001 01:51:19 -0700
From: Terry Lambert
Reply-To: tlambert2@mindspring.com
To: hackers@freebsd.org
Cc: net@freebsd.org
Subject: IPSEC code error

On a related topic, there appears to be a code error in the IPSEC code.

Specifically, the priv flag is set to 1 if the user is root and the socket is non-null (this lets the code be called from the bridging code as well, so ignore the first half of the "if" test, and concentrate on the "uid == 0" test).

In the code that examines this flag, the comment is that it is looking at whether or not the port is a privileged port, not whether or not the user who owns it is root.

This implies that the "rootness" check improperly flags any ports opened by root, regardless of whether or not they are privileged ports.

Is the code where the flag is initialized correct, or is the comment where the flag is observed correct?

-- Terry