Date: Sun, 13 Jan 2002 09:34:54 -0500
From: Ken Stailey <kstailey@surfbest.net>
Cc: freebsd-ports@FreeBSD.ORG
Subject: Re: ports/33818: Bootable ITS image for KLH-10 PDP-10 emulator
Message-ID: <3C419B0E.7060706@surfbest.net>
References: <200201130013.DAA11901@aaz.links.ru>
    <3C40D184.1000702@surfbest.net>
    <20020113061333.GA74245@wwweasel.geeksrus.net>
    <20020113061850.GA74363@wwweasel.geeksrus.net>
    <3C417E40.9000504@surfbest.net>
    <3C41827D.5060908@surfbest.net>
    <3C4185DE.3020506@surfbest.net>
    <3C418B8D.3080506@surfbest.net>

Ken Stailey wrote:

> Ken Stailey wrote:
>
>> Ken Stailey wrote:
>>
>>> Ken Stailey wrote:
>>>
>>>> Alan Eldridge wrote:
>>>>
>>>>> Another idea is to ascertain what about the network stuff needs to
>>>>> run as root, and see if there are ways around the requirement. Or
>>>>> make sure it drops privileges as soon as it does whatever root magic
>>>>> it needs to.
>>>>>
>>>>> Are you a programmer, Ken? Do you have experience in networking code
>>>>> so that you could see if there's a way to make it work without
>>>>> running as root?
>>>>>
>>>>> --
>>>>> Alan Eldridge
>>>>> Pmmfmffmmfmp mmmpppppffmpmfpmpppff PmpMpmMpp ppfppp
>>>>> MpfpffmppmppMmpFmmMpm mfpmmmmmfpmpmpppff.
>>>>
>>>> There's a good chance that this would work. dpimp uses the tunnel
>>>> driver like ppp(1).
>>>> I'll go see when ppp drops privs and see if dpimp is doing the same
>>>> sort of stuff.
>>>
>>> ppp does just drop privs. It wraps certain system calls to make
>>> them run as root.
>>> socket(2) becomes ID0socket(2) etc. I could probably just use a
>>> cut-down copy of id.c from src/usr.sbin/ppp and patch dpimp to use it.
>>
>> Oops, I meant "doesn't just". Anyway I tested running klh-10 from my
>> user account with just dpimp setuid root and it works just like I
>> expected it to. Never hurts to test. :)
>
> ick. Kenneth uses popen(3) to run arp rather than using inline code.
>

not anymore:

    static struct {
        struct rt_msghdr hdr;
        struct sockaddr_inarp dst;
        struct sockaddr_dl hwa;
        char extra[128];
    } arpmsg;
    int rtsock;
    static int seq;

    memset(&arpmsg, 0, sizeof arpmsg);

    /* Talk to the kernel over a routing socket instead of running arp
     * through popen(3). */
    if ((rtsock = socket(PF_ROUTE, SOCK_RAW, AF_INET)) < 0) {
        syserr(errno, "cannot create arp socket");
        error("Cannot set ARP entry for %s %s",
              ip_adrsprint(ipbuf, ipa),
              eth_adrsprint(eabuf, eap));
        return FALSE;
    }

    /* Build an RTM_ADD request for a static, published host entry. */
    arpmsg.hdr.rtm_type = RTM_ADD;
    arpmsg.hdr.rtm_flags = RTF_ANNOUNCE | RTF_HOST | RTF_STATIC;
    arpmsg.hdr.rtm_version = RTM_VERSION;
    arpmsg.hdr.rtm_seq = ++seq;
    arpmsg.hdr.rtm_addrs = RTA_DST | RTA_GATEWAY;
    arpmsg.hdr.rtm_inits = RTV_EXPIRE;

    /* Destination: the IP address the entry is for, marked as proxy. */
    arpmsg.dst.sin_len = sizeof(struct sockaddr_inarp);
    arpmsg.dst.sin_family = AF_INET;
    memcpy(     /* Copy IP addr */
        (char *) &((struct sockaddr_in *)&arpmsg.dst)->sin_addr,
        ipa, sizeof(struct in_addr));
    arpmsg.dst.sin_other = SIN_PROXY;

    /* The message ends after the link-level address. Nothing in this
     * excerpt fills in arpmsg.hwa from eap after the memset(), so
     * hwa.sdl_len is 0 at this point as shown. */
    arpmsg.hdr.rtm_msglen = (char *) &arpmsg.hwa - (char *) &arpmsg
        + arpmsg.hwa.sdl_len;

    if (write(rtsock, &arpmsg, arpmsg.hdr.rtm_msglen) < 0) {
        syserr(errno, "cannot add proxy arp entry");
        error("Cannot set ARP entry for %s %s",
              ip_adrsprint(ipbuf, ipa),
              eth_adrsprint(eabuf, eap));
        close(rtsock);
        return FALSE;
    }
    close(rtsock);
    return TRUE;

This is patch-ab in the port. I sent a copy to KLH.
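
The pattern Alan Eldridge suggests in the quoted text (do the root-only step, then drop privileges at once), as an added C example that is not part of the original message, the port, or dpimp. The names drop_privileges, open_then_drop and open_devnull are hypothetical, and the /dev/null opener is a constructed stand-in for whatever privileged setup a setuid-root helper performs.

```c
#include <fcntl.h>
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop to uid/gid. Returns 0 on success, -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Clear root's supplementary groups; only root can, so do it first. */
    if (geteuid() == 0 && uid != 0 && setgroups(1, &gid) < 0)
        return -1;
    /* Group before user: once the uid is gone, setgid() is refused. */
    if (setgid(gid) < 0 || setuid(uid) < 0)
        return -1;
    /* Check the resulting ids instead of trusting return codes alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* A permanent drop means root cannot be regained. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Run the one privileged step, then drop to the invoking (real) user.
 * Returns the descriptor from open_privileged, or -1 on failure. */
int open_then_drop(int (*open_privileged)(void))
{
    int fd = open_privileged();   /* still euid 0 in a setuid-root binary */
    if (fd < 0)
        return -1;
    if (drop_privileges(getuid(), getgid()) < 0) {
        close(fd);                /* never continue half-privileged */
        return -1;
    }
    return fd;
}

/* Constructed stand-in for the privileged setup (hypothetical). */
int open_devnull(void)
{
    return open("/dev/null", O_WRONLY);
}

int main(void)
{
    int fd = open_then_drop(open_devnull);
    return fd < 0 ? 1 : close(fd);
}
```

The descriptor obtained before the drop stays usable afterwards, so only the opener runs with root's effective uid.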