Date: Thu, 20 Sep 2001 14:09:05 -0500
From: Alfred Perlstein <bright@mu.org>
To: Robert Watson <rwatson@FreeBSD.org>
Cc: Brian Somers <brian@freebsd-services.com>, Ruslan Ermilov <ru@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/net rtsock.c
Message-ID: <20010920140905.Z61456@elvis.mu.org>
In-Reply-To: <Pine.NEB.3.96L.1010920113143.10140C-100000@fledge.watson.org>; from rwatson@FreeBSD.org on Thu, Sep 20, 2001 at 11:36:52AM -0400
References: <20010920100654.W61456@elvis.mu.org> <Pine.NEB.3.96L.1010920113143.10140C-100000@fledge.watson.org>

* Robert Watson <rwatson@FreeBSD.org> [010920 10:38] wrote:
>
> On Thu, 20 Sep 2001, Alfred Perlstein wrote:
>
> > I know this change was done in the interests of security, however
> > traditionally, holding and using an open descriptor that was opened at a
> > higher privilege level is the way UNIX has worked.  I think this ought
> > to be backed out.
>
> This is not true in a number of important cases, including the binding of
> low port numbers in the IP stack, in several network ioctl's (including
> interface configuration), IPSec policy configuration, PPP and other
> network pseudo-device configuration, all of which use the current process
> credential instead of the cached credential.

Good point.  Although this causes a problem when you trust a helper
app to do the right thing when handed a file descriptor referencing
a privileged object.

Your call, I just wanted to bring it up for consideration, I'm too
busy lately to have strong feelings about these things. :)

--
-Alfred Perlstein [alfred@freebsd.org]
'Instead of asking why a piece of software is using "1970s technology,"
start asking why software is ignoring 30 years of accumulated wisdom.'

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
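
The two models contrasted in this message, as an added example that is not part of the thread or of the FreeBSD source: a helper that inherits a descriptor opened while access was still allowed can keep using it (the check was made at open time), while the helper's own open() of the same path is checked afresh against current permissions. The names fd_demo and SAMPLE, the temporary path, and the use of mode 000 to stand in for lost privilege are assumptions of the example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

#define SAMPLE "constructed-sample"   /* constructed file content */
struct result {
    int inherited_read;  /* bytes the helper read through the inherited fd */
    int reopen_errno;    /* errno from the helper's own open(); 0 = success */
};

/* Hypothetical demo: open a file, revoke every mode bit, then let a forked
 * helper use the inherited descriptor and also try to open the path itself. */
struct result fd_demo(void)
{
    struct result r = { -1, -1 };
    char path[] = "/tmp/fd_demo_XXXXXX";     /* constructed temporary path */
    int pfd[2], fd = mkstemp(path);          /* access check happens here */
    if (fd < 0) return r;
    if (write(fd, SAMPLE, strlen(SAMPLE)) < 0 || fchmod(fd, 0) != 0 || pipe(pfd) != 0) {
        unlink(path); close(fd);
        return r;
    }
    pid_t pid = fork();
    if (pid == 0) {                          /* helper process */
        char buf[64];
        r.inherited_read = (int)pread(fd, buf, sizeof buf, 0);
        int fd2 = open(path, O_RDONLY);      /* fresh check against mode 000 */
        r.reopen_errno = fd2 < 0 ? errno : 0;
        _exit(write(pfd[1], &r, sizeof r) == (ssize_t)sizeof r ? 0 : 1);
    }
    close(pfd[1]);                           /* so read() cannot block forever */
    if (pid < 0 || read(pfd[0], &r, sizeof r) != (ssize_t)sizeof r)
        r.inherited_read = -1;
    if (pid > 0) waitpid(pid, NULL, 0);
    close(pfd[0]); close(fd);
    unlink(path);
    return r;
}

int main(void)
{
    struct result r = fd_demo();
    printf("inherited fd read %d bytes; helper reopen errno %d\n", r.inherited_read, r.reopen_errno);
    return r.inherited_read == (int)strlen(SAMPLE) ? 0 : 1;
}
```

Run as an ordinary user, the helper's open() fails with EACCES; run as root it succeeds, because root bypasses the mode bits.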