Date: Thu, 20 Sep 2001 11:36:52 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.org>
To: Alfred Perlstein <bright@mu.org>
Cc: Brian Somers <brian@freebsd-services.com>, Ruslan Ermilov <ru@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/net rtsock.c
Message-ID: <Pine.NEB.3.96L.1010920113143.10140C-100000@fledge.watson.org>
In-Reply-To: <20010920100654.W61456@elvis.mu.org>

On Thu, 20 Sep 2001, Alfred Perlstein wrote:

> I know this change was done in the interests of security, however
> traditionally, holding and using an open descriptor that was opened at a
> higher privilege level is the way UNIX has worked.  I think this ought
> to be backed out.

This is not true in a number of important cases, including the binding of
low port numbers in the IP stack, in several network ioctls (including
interface configuration), IPSec policy configuration, PPP and other
network pseudo-device configuration, all of which use the current process
credential instead of the cached credential.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services