Date: Fri, 16 Aug 1996 22:40:18 +0200 (MET DST) From: J Wunsch <j@uriah.heep.sax.de> To: freebsd-hackers@freebsd.org (FreeBSD hackers) Cc: jgreco@brasil.moneng.mei.com (Joe Greco) Subject: Re: Routed supports variable-length netmasks? Message-ID: <199608162040.WAA07230@uriah.heep.sax.de> In-Reply-To: <199608161610.LAA15418@brasil.moneng.mei.com> from Joe Greco at "Aug 16, 96 11:10:53 am"
next in thread | previous in thread | raw e-mail | index | archive | help
As Joe Greco wrote: > I found under FreeBSD, um, I think 2.0.5R that this didn't work real well > because route did additional checks for root permissions (I believe I got > around it by forcing the uid and euid to 0, or something like that). I've also noticed this, and even intended to ``fix'' it some day. Anyway, when i was ready with the ``fix'', i noticed that i was just about to actually break it... route does already run setuid root, in order to work with the routing socket. So it tests for the real UID of superuser to decide whether it is allowed to _manipulate_ routes. So everybody can do a ``route get'', but only processes with a real UID of 0 can ``route add''. If the calling processes effective UID is already 0, it is free to also change the real UID to 0 before calling `route' -- much unlike a regular user, who is not allowed to do this. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608162040.WAA07230>