Date: Sun, 13 Jan 2002 08:28:45 -0500
From: Ken Stailey <kstailey@surfbest.net>
To: Ken Stailey <kstailey@surfbest.net>
Cc: Alan Eldridge <alane@geeksrus.net>, "."@babolo.ru, freebsd-ports@FreeBSD.ORG
Subject: Re: ports/33818: Bootable ITS image for KLH-10 PDP-10 emulator
Message-ID: <3C418B8D.3080506@surfbest.net>
References: <200201130013.DAA11901@aaz.links.ru> <3C40D184.1000702@surfbest.net> <20020113061333.GA74245@wwweasel.geeksrus.net> <20020113061850.GA74363@wwweasel.geeksrus.net> <3C417E40.9000504@surfbest.net> <3C41827D.5060908@surfbest.net> <3C4185DE.3020506@surfbest.net>

Ken Stailey wrote:

>
> Ken Stailey wrote:
>
>> Ken Stailey wrote:
>>
>>> Alan Eldridge wrote:
>>>
>>>> Another idea is to ascertain what about the network stuff needs to run
>>>> as root, and see if there are ways around the requirement. Or make
>>>> sure it drops privileges as soon as it does whatever root magic it
>>>> needs to.
>>>>
>>>> Are you a programmer, Ken? Do you have experience in networking code
>>>> so that you could see if there's a way to make it work without running
>>>> as root?
>>>>
>>>> -- Alan Eldridge Pmmfmffmmfmp mmmpppppffmpmfpmpppff PmpMpmMpp ppfppp
>>>> MpfpffmppmppMmpFmmMpm mfpmmmmmfpmpmpppff.
>>>>
>>>>
>>> There's a good chance that this would work. dpimp uses the tunnel
>>> driver like ppp(1).
>>> I'll go see when ppp drops privs and see if dpimp is doing the same
>>> sort of stuff.
>>>
>> ppp does just drop privs. It wraps certain system calls to make
>> them run as root.
>> socket(2) becomes ID0socket(2) etc. I could probably just use a cut
>> down copy of
>> id.c from src/usr.sbin/ppp and patch dpimp to use it.
>
>
> Oops, I meant "doesn't just". Anyway I tested running klh-10 from my
> user account with just dpimp setuid root and it works just like I
> expected it to. Never hurts to test. :)

ick. Kenneth uses popen(3) to run arp rather than using inline code.
This has to be changed.

    /* The new BSD systems completely did away with the ARP ioctls
       and instead substituted a far more complicated PF_ROUTE socket hack.
       Rather than attempt to duplicate the arp(8) utility code here,
       let's try simply invoking it!
           arp -S <ipaddr> <ethaddr> pub
    */
    FILE *f;
    int err;
    char arpbuff[128];
    char resbuff[200];

    sprintf(arpbuff, "/usr/sbin/arp -S %s %s %s",
            ip_adrsprint(ipbuf, ipa),
            eth_adrsprint(eabuf, eap),
            (pubf ? "pub" : ""));
    if (DP_DBGFLG)
        dbprintln("invoking \"%s\"", arpbuff);
    if ((f = popen(arpbuff, "r")) == NULL) {
        syserr(errno, "cannot popen: %s", arpbuff);
        error("Cannot set ARP entry for %s %s",
              ip_adrsprint(ipbuf, ipa),
              eth_adrsprint(eabuf, eap));
        return FALSE;
    }
    /* Read resulting output to avoid possibility it might hang otherwise */
    resbuff[0] = '\0';
    (void) fgets(resbuff, sizeof(resbuff)-1, f);
    err = pclose(f);    /* Hope this doesn't wait4() too long */
    if (err) {
        dbprintln("arp exit error: status %d", err);
        dbprintln("arp command was: %s", arpbuff);
    }
    if (DP_DBGFLG)
        dbprintln("arp result \"%s\"", resbuff);
    return TRUE;

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
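The popen(3) call criticised in the message above hands its command string to /bin/sh together with the caller's environment, from inside a setuid-root program. One way to run the same arp command with an explicit argument vector and a fixed environment instead, as an added example that is not part of the original e-mail or of KLH10: run_argv, arp_set and the arp_path parameter are hypothetical names, and the PATH value is an assumption.

```c
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run `path` with an explicit argv: no /bin/sh, no inherited environment.
 * Copies up to outlen-1 bytes of the child's stdout into `out`.
 * Returns the child's exit status, or -1 on failure. */
int run_argv(const char *path, char *const argv[], char *out, size_t outlen)
{
    static char *const clean_env[] = { "PATH=/sbin:/usr/sbin:/bin:/usr/bin", NULL };
    int pfd[2], status;
    size_t used = 0;
    ssize_t n;
    pid_t pid;

    if (outlen == 0 || pipe(pfd) < 0)
        return -1;
    if ((pid = fork()) < 0) {
        close(pfd[0]); close(pfd[1]);
        return -1;
    }
    if (pid == 0) {                     /* child: stdout -> pipe, then exec */
        close(pfd[0]);
        if (dup2(pfd[1], STDOUT_FILENO) < 0)
            _exit(127);
        execve(path, argv, clean_env);  /* absolute path, so no PATH search */
        _exit(127);                     /* only reached if execve failed */
    }
    close(pfd[1]);
    /* Read until EOF or the buffer is full; closing our end afterwards means
     * a chatty child gets EPIPE instead of blocking, so waitpid cannot hang. */
    while (used < outlen - 1 && (n = read(pfd[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(pfd[0]);
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Same command the fragment builds: arp -S <ipaddr> <ethaddr> [pub].
 * `arp_path` is a parameter only so the example can be exercised without arp. */
int arp_set(const char *arp_path, char *ip, char *eth, int pubf, char *out, size_t outlen)
{
    char *argv[6] = { "arp", "-S", ip, eth, pubf ? "pub" : NULL, NULL };
    return run_argv(arp_path, argv, out, outlen);
}
```

Because each argument reaches the program as one argv entry, nothing in the address strings is parsed by a shell, and the child sees only the fixed PATH.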