From owner-freebsd-ports Sun Jan 13 5:44:21 2002
Delivered-To: freebsd-ports@freebsd.org
Received: from server3.safepages.com (server3.safepages.com [216.127.146.5])
	by hub.freebsd.org (Postfix) with ESMTP id D2FBB37B404
	for ; Sun, 13 Jan 2002 05:44:10 -0800 (PST)
Received: from surfbest.net (152-pool1.ras11.vahen.tii-dial.net [206.148.72.152])
	by server3.safepages.com (Postfix) with ESMTP id 8ACC763FA;
	Sun, 13 Jan 2002 13:29:18 +0000 (GMT)
Message-ID: <3C418B8D.3080506@surfbest.net>
Date: Sun, 13 Jan 2002 08:28:45 -0500
From: Ken Stailey
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.7) Gecko/20011222
X-Accept-Language: en-us
MIME-Version: 1.0
To: Ken Stailey
Cc: Alan Eldridge , "."@babolo.ru, freebsd-ports@FreeBSD.ORG
Subject: Re: ports/33818: Bootable ITS image for KLH-10 PDP-10 emulator
References: <200201130013.DAA11901@aaz.links.ru> <3C40D184.1000702@surfbest.net> <20020113061333.GA74245@wwweasel.geeksrus.net> <20020113061850.GA74363@wwweasel.geeksrus.net> <3C417E40.9000504@surfbest.net> <3C41827D.5060908@surfbest.net> <3C4185DE.3020506@surfbest.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Ken Stailey wrote:

>
> Ken Stailey wrote:
>
>> Ken Stailey wrote:
>>
>>> Alan Eldridge wrote:
>>>
>>>> Another idea is to ascertain what about the network stuff needs to run
>>>> as root, and see if there are ways around the requirement. Or make
>>>> sure it drops privileges as soon as it does whatever root magic it
>>>> needs to.
>>>>
>>>> Are you a programmer, Ken? Do you have experience in networking code
>>>> so that you could see if there's a way to make it work without running
>>>> as root?
>>>>
>>>> --
>>>> Alan Eldridge
>>>> Pmmfmffmmfmp mmmpppppffmpmfpmpppff PmpMpmMpp ppfppp
>>>> MpfpffmppmppMmpFmmMpm mfpmmmmmfpmpmpppff.
>>>>
>>>>
>>> There's a good chance that this would work. dpimp uses the tunnel
>>> driver like ppp(1).
>>> I'll go see when ppp drops privs and see if dpimp is doing the same
>>> sort of stuff.
>>>
>> ppp does just drop privs. It wrappers certain system calls to make
>> them run as root.
>> socket(2) becomes ID0socket(2) etc. I could probably just use a cut
>> down copy of
>> id.c from src/usr.sbin/ppp and patch dpimp to use it.
>
>
> Oops, I meant "doesn't just". Anyway I tested running klh-10 from my
> user account with just dpimp setuid root and it works just like I
> expected it to. Never hurts to test. :)

ick. Kenneth uses popen(3) to run arp rather than using inline code.
This has to be changed.

    /* The new BSD systems completely did away with the ARP ioctls
       and instead substituted a far more complicated PF_ROUTE socket hack.
       Rather than attempt to duplicate the arp(8) utility code here,
       let's try simply invoking it!
            arp -S pub
    */
    FILE *f;
    int err;
    char arpbuff[128];
    char resbuff[200];

    sprintf(arpbuff, "/usr/sbin/arp -S %s %s %s",
            ip_adrsprint(ipbuf, ipa),
            eth_adrsprint(eabuf, eap),
            (pubf ? "pub" : ""));
    if (DP_DBGFLG)
        dbprintln("invoking \"%s\"", arpbuff);
    if ((f = popen(arpbuff, "r")) == NULL) {
        syserr(errno, "cannot popen: %s", arpbuff);
        error("Cannot set ARP entry for %s %s",
              ip_adrsprint(ipbuf, ipa),
              eth_adrsprint(eabuf, eap));
        return FALSE;
    }
    /* Read resulting output to avoid possibility it might hang otherwise */
    resbuff[0] = '\0';
    (void) fgets(resbuff, sizeof(resbuff)-1, f);
    err = pclose(f);    /* Hope this doesn't wait4() too long */
    if (err) {
        dbprintln("arp exit error: status %d", err);
        dbprintln("arp command was: %s", arpbuff);
    }
    if (DP_DBGFLG)
        dbprintln("arp result \"%s\"", resbuff);
    return TRUE;
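An added example, not code from dpimp or from ppp's id.c: one way to combine the two points in this thread, raising the effective uid only around the privileged step and running arp(8) through fork/execve with a fixed argument vector and a fixed environment, so no shell is involved as it is with popen(3). The names priv_init, priv_run and set_arp_entry and the PATH value are assumptions made for the illustration.

```c
#include <errno.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static uid_t real_uid, priv_euid;   /* hypothetical names, set once at startup */

/* Record both ids, then run as the invoking user by default. */
int priv_init(void) {
    real_uid = getuid();
    priv_euid = geteuid();
    return seteuid(real_uid);
}

/* Run path with the given argv and a fixed environment; no shell parses
 * anything. Only the fork/exec window has the privileged effective uid.
 * Returns the child's exit status, or -1 on failure. */
int priv_run(const char *path, char *const argv[]) {
    static char *const clean_env[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL };
    int status, drop_failed;
    pid_t pid;

    if (seteuid(priv_euid) == -1)            /* raise */
        return -1;
    pid = fork();
    if (pid == 0) {
        execve(path, argv, clean_env);
        _exit(127);                          /* exec failed */
    }
    drop_failed = (seteuid(real_uid) == -1); /* parent drops again at once */
    if (pid == -1)
        return -1;
    while (waitpid(pid, &status, 0) == -1)
        if (errno != EINTR)
            return -1;
    if (drop_failed || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Build the arp(8) invocation as an argument vector instead of a string. */
int set_arp_entry(const char *ip, const char *ether, int pubf) {
    char *argv[] = { "arp", "-S", (char *)ip, (char *)ether,
                     pubf ? "pub" : NULL, NULL };
    return priv_run("/usr/sbin/arp", argv);
}
```

A caller would run priv_init() first thing in main() and treat a -1 from priv_run() as fatal, since it can mean the privilege drop itself failed.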