Date:      Sun, 13 Jan 2002 08:28:45 -0500
From:      Ken Stailey <kstailey@surfbest.net>
To:        Ken Stailey <kstailey@surfbest.net>
Cc:        Alan Eldridge <alane@geeksrus.net>, "."@babolo.ru, freebsd-ports@FreeBSD.ORG
Subject:   Re: ports/33818: Bootable ITS image for KLH-10 PDP-10 emulator
Message-ID:  <3C418B8D.3080506@surfbest.net>
References:  <200201130013.DAA11901@aaz.links.ru> <3C40D184.1000702@surfbest.net> <20020113061333.GA74245@wwweasel.geeksrus.net> <20020113061850.GA74363@wwweasel.geeksrus.net> <3C417E40.9000504@surfbest.net> <3C41827D.5060908@surfbest.net> <3C4185DE.3020506@surfbest.net>

Ken Stailey wrote:

>
> Ken Stailey wrote:
>
>> Ken Stailey wrote:
>>
>>> Alan Eldridge wrote:
>>>
>>>> Another idea is to ascertain what about the network stuff needs to run
>>>> as root, and see if there are ways around the requirement. Or make
>>>> sure it drops privileges as soon as it does whatever root magic it
>>>> needs to.
>>>>
>>>> Are you a programmer, Ken? Do you have experience in networking code
>>>> so that you could see if there's a way to make it work without running
>>>> as root?
>>>>
>>>> -- Alan Eldridge Pmmfmffmmfmp mmmpppppffmpmfpmpppff PmpMpmMpp ppfppp
>>>> MpfpffmppmppMmpFmmMpm mfpmmmmmfpmpmpppff.
>>>>
>>>>
>>> There's a good chance that this would work.  dpimp uses the tunnel 
>>> driver like ppp(1).
>>> I'll go see when ppp drops privs and see if dpimp is doing the same 
>>> sort of stuff.
>>>
>> ppp does just drop privs.  It wrappers certain system calls to make 
>> them run as root.
>> socket(2) becomes ID0socket(2) etc.  I could probably just use a cut 
>> down copy of
>> id.c from src/usr.sbin/ppp and patch dpimp to use it. 
>
>
> Oops, I meant "doesn't just".  Anyway I tested running klh-10 from my 
> user account with just dpimp setuid root and it works just like I 
> expected it to.  Never hurts to test. :)


ick.  Kenneth uses popen(3) to run arp rather than using inline code. 
 This has to be changed.


    /* The new BSD systems completely did away with the ARP ioctls
       and instead substituted a far more complicated PF_ROUTE socket hack.
       Rather than attempt to duplicate the arp(8) utility code here,
       let's try simply invoking it!
               arp -S <ipaddr> <ethaddr> pub
    */
    FILE *f;
    int err;
    char arpbuff[128];
    char resbuff[200];

    sprintf(arpbuff, "/usr/sbin/arp -S %s %s %s",
        ip_adrsprint(ipbuf, ipa),
        eth_adrsprint(eabuf, eap),
        (pubf ? "pub" : ""));
    if (DP_DBGFLG)
        dbprintln("invoking \"%s\"", arpbuff);
    if ((f = popen(arpbuff, "r")) == NULL) {
        syserr(errno, "cannot popen: %s", arpbuff);
        error("Cannot set ARP entry for %s %s",
              ip_adrsprint(ipbuf, ipa),
              eth_adrsprint(eabuf, eap));
        return FALSE;
    }
    /* Read resulting output to avoid possibility it might hang otherwise */
    resbuff[0] = '\0';
    (void) fgets(resbuff, sizeof(resbuff)-1, f);
    err = pclose(f);        /* Hope this doesn't wait4() too long */
    if (err) {
        dbprintln("arp exit error: status %d", err);
        dbprintln("arp command was: %s", arpbuff);
    }
    if (DP_DBGFLG)
        dbprintln("arp result \"%s\"", resbuff);
    return TRUE;


