Date:      Sun, 13 Jan 2002 09:34:54 -0500
From:      Ken Stailey <kstailey@surfbest.net>
Cc:        freebsd-ports@FreeBSD.ORG
Subject:   Re: ports/33818: Bootable ITS image for KLH-10 PDP-10 emulator
Message-ID:  <3C419B0E.7060706@surfbest.net>
References:  <200201130013.DAA11901@aaz.links.ru> <3C40D184.1000702@surfbest.net> <20020113061333.GA74245@wwweasel.geeksrus.net> <20020113061850.GA74363@wwweasel.geeksrus.net> <3C417E40.9000504@surfbest.net> <3C41827D.5060908@surfbest.net> <3C4185DE.3020506@surfbest.net> <3C418B8D.3080506@surfbest.net>

Ken Stailey wrote:

> Ken Stailey wrote:
>
>>
>> Ken Stailey wrote:
>>
>>> Ken Stailey wrote:
>>>
>>>> Alan Eldridge wrote:
>>>>
>>>>> Another idea is to ascertain what about the network stuff needs to run
>>>>> as root, and see if there are ways around the requirement. Or make
>>>>> sure it drops privileges as soon as it does whatever root magic it
>>>>> needs to.
>>>>>
>>>>> Are you a programmer, Ken? Do you have experience in networking code
>>>>> so that you could see if there's a way to make it work without running
>>>>> as root?
>>>>>
>>>>> -- Alan Eldridge Pmmfmffmmfmp mmmpppppffmpmfpmpppff PmpMpmMpp ppfppp
>>>>> MpfpffmppmppMmpFmmMpm mfpmmmmmfpmpmpppff.
>>>>>
>>>>>
>>>> There's a good chance that this would work.  dpimp uses the tunnel
>>>> driver like ppp(1).  I'll go see when ppp drops privs and see if dpimp
>>>> is doing the same sort of stuff.
>>>>
>>> ppp does just drop privs.  It wraps certain system calls to make them
>>> run as root.  socket(2) becomes ID0socket(2) etc.  I could probably just
>>> use a cut down copy of id.c from src/usr.sbin/ppp and patch dpimp to
>>> use it.
>>
>>
>>
>> Oops, I meant "doesn't just".  Anyway I tested running klh-10 from my
>> user account with just dpimp setuid root and it works just like I
>> expected it to.  Never hurts to test. :)
>
>
>
> ick.  Kenneth uses popen(3) to run arp rather than using inline code.
>
not anymore:

    /* Routing-socket message: header followed by the two sockaddrs */
    static struct {
        struct rt_msghdr hdr;
        struct sockaddr_inarp dst;      /* IP address to publish (RTA_DST) */
        struct sockaddr_dl hwa;         /* link-level address (RTA_GATEWAY) */
        char extra[128];
    } arpmsg;
    int rtsock;
    static int seq;

    memset(&arpmsg, 0, sizeof arpmsg);
    /* Open a routing socket rather than running arp through popen(3) */
    if ((rtsock = socket(PF_ROUTE, SOCK_RAW, AF_INET)) < 0) {
        syserr(errno, "cannot create arp socket");
        error("Cannot set ARP entry for %s %s",
              ip_adrsprint(ipbuf, ipa),
              eth_adrsprint(eabuf, eap));
        return FALSE;
    }
    /* Request a static, published (proxy) host entry */
    arpmsg.hdr.rtm_type = RTM_ADD;
    arpmsg.hdr.rtm_flags = RTF_ANNOUNCE | RTF_HOST | RTF_STATIC;
    arpmsg.hdr.rtm_version = RTM_VERSION;
    arpmsg.hdr.rtm_seq = ++seq;
    arpmsg.hdr.rtm_addrs = RTA_DST | RTA_GATEWAY;
    arpmsg.hdr.rtm_inits = RTV_EXPIRE;
    arpmsg.dst.sin_len = sizeof(struct sockaddr_inarp);
    arpmsg.dst.sin_family = AF_INET;
    memcpy(                    /* Copy IP addr */
        (char *) &((struct sockaddr_in *)&arpmsg.dst)->sin_addr,
        ipa, sizeof(struct in_addr));
    arpmsg.dst.sin_other = SIN_PROXY;

    /*
     * Message length: everything before hwa, plus hwa's own sdl_len.
     * hwa (sdl_len and the Ethernet address from eap) has to be filled
     * in before this point; that step is not part of this excerpt.
     */
    arpmsg.hdr.rtm_msglen = (char *) &arpmsg.hwa - (char *) &arpmsg
        + arpmsg.hwa.sdl_len;

    /* Hand the request to the kernel */
    if (write(rtsock, &arpmsg, arpmsg.hdr.rtm_msglen) < 0) {
        syserr(errno, "cannot add proxy arp entry");
        error("Cannot set ARP entry for %s %s",
              ip_adrsprint(ipbuf, ipa),
              eth_adrsprint(eabuf, eap));
        close(rtsock);
        return FALSE;
    }
    close(rtsock);
    return TRUE;

This is patch-ab in the port.  I sent a copy to KLH.
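
The approach discussed in the thread (leave the helper setuid root, run as the invoking user, and take root back only around the calls that need it), as an added example. It is not code from ppp's id.c or from the klh10 port; the names priv_init, priv_switch, priv_done, priv_socket and priv_open are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

static uid_t real_uid, priv_uid;  /* invoking user; startup euid (0 if setuid root) */

/* Call first in main(): remember both ids, then run as the invoking user. */
int priv_init(void)
{
    real_uid = getuid();
    priv_uid = geteuid();
    return seteuid(real_uid);
}

/* Switch euid. A failed switch is fatal: carrying on could leave us privileged. */
static void priv_switch(int up)
{
    uid_t want = up ? priv_uid : real_uid;
    if (seteuid(want) != 0 || geteuid() != want)
        abort();
}

/* Drop after a privileged call, handing back its result with errno intact. */
static int priv_done(int result)
{
    int saved = errno;          /* seteuid() may overwrite errno */
    priv_switch(0);
    errno = saved;
    return result;
}

/* socket(2) and open(2), with privilege held only for the duration of the call. */
int priv_socket(int domain, int type, int protocol)
{
    priv_switch(1);
    return priv_done(socket(domain, type, protocol));
}

int priv_open(const char *path, int flags)
{
    priv_switch(1);
    return priv_done(open(path, flags));
}

int main(void)
{
    return priv_init() != 0 || priv_socket(AF_INET, SOCK_DGRAM, 0) < 0;
}
```

seteuid() leaves the saved set-user-ID in place, so this narrows which calls run as root rather than giving the privilege up for good.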



