From owner-freebsd-security Thu Mar 27 13:46:29 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id NAA25821 for security-outgoing; Thu, 27 Mar 1997 13:46:29 -0800 (PST) Received: from enteract.com (root@enteract.com [206.54.252.1]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id NAA25816 for ; Thu, 27 Mar 1997 13:46:26 -0800 (PST) Received: (from tqbf@localhost) by enteract.com (8.8.5/8.7.6) id PAA13555; Thu, 27 Mar 1997 15:45:55 -0600 (CST) From: "Thomas H. Ptacek" Message-Id: <199703272145.PAA13555@enteract.com> Subject: Re: More netinet suser() stuff... To: fenner@parc.xerox.com (Bill Fenner) Date: Thu, 27 Mar 1997 15:45:54 -0600 (CST) Cc: tqbf@enteract.com, freebsd-security@freebsd.org Reply-To: tqbf@enteract.com In-Reply-To: <97Mar27.124326pst.177486@crevenia.parc.xerox.com> from "Bill Fenner" at Mar 27, 97 12:43:22 pm X-Mailer: ELM [version 2.4 PL24 ME8a] Content-Type: text Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > This is indeed the case. This is more a portability issue than anything > else; before there was an IP_HDRINCL socket option, there was IPPROTO_RAW > sockets which implied IP_HDRINCL. However, something like the following > might work: Thanks for clarifying! Is there an obvious way to use an IPPROTO_ICMP raw socket to read packets other than ICMP? From what I can see, packets aren't ever passed through the socket code except through the protocol switches. > Note that traceroute still uses an IPPROTO_RAW socket to send packets, Only if it can't look up "icmp" in /etc/protocols, at least in version 1.3.2 (distributed with FreeBSD 3.0). It should by default open an IPPROTO_ICMP socket. > [Also note that traceroute does a setuid(getuid()) as the 4th thing > in main(), so trying to protect it further might not be a good thing > to be spending a lot of time on] This does nothing to resolve problems in the C runtime support library. The fewer SUID root programs on the system, the better, says I. =) ---------------- Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com] ---------------- "If you're so special, why aren't you dead?"