Date: Tue, 12 Oct 2004 04:45:08 -0400 (EDT)
From: Robert Watson
To: "Christian S.J. Peron"
cc: freebsd-net@freebsd.org
cc: swp@swp.pp.ru
Subject: Re: IP options broken for raw sockets on cred downgrade (was: Re: why required root privileges to set multicast options now?)
In-Reply-To: <20041012041433.GA16734@freefall.freebsd.org>
List-Id: Networking and TCP/IP with FreeBSD

On Tue, 12 Oct 2004, Christian S.J. Peron wrote:

> First off, allow me to apologize for the delay, I have been away for
> Thanksgiving weekend. This patch looks like it fixes most of the
> problems. I should have thought of this when I committed the credential
> checks, sorry about that!
>
> I am testing this patch right now, and I will report any success
> failures I experience.

No problem on the delay, and thanks for testing. It appears to resolve the
problem for me locally (for example, mtrace now works as non-root). My
primary concern with the fix is making sure it doesn't introduce security
holes -- i.e., I didn't miss any cases to put a suser() in front of, etc,
or implications of passing it down to in_control() without further checks.
As we discussed when starting the work to refine the raw socket
protections, the implications of these changes can be very subtle but
pretty significant, so requires a lot of thinking and testing :-).

Thanks!

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Principal Research Scientist, McAfee Research