why required root privileges to set multicast options now?
Robert Watson
rwatson at freebsd.org
Sun Oct 10 08:11:39 PDT 2004
On Sun, 10 Oct 2004 swp at swp.pp.ru wrote:
> FreeBSD 5.3-BETA7 Sun Oct 10 18:50:14 OMSST 2004
>
> ospfd (net/quagga from ports) runs with the credentials of quagga:quagga and
> is unable to set multicast options now.
>
> OSPF: can't setsockopt IP_ADD_MEMBERSHIP (AllSPFRouters): \
> Operation not permitted
> OSPF: can't setsockopt IP_MULTICAST_LOOP(0): Operation not permitted
> OSPF: can't setsockopt IP_MULTICAST_TTL(1): Operation not permitted
> OSPF: can't setsockopt IP_MULTICAST_IF: Operation not permitted
>
> 5.2-CURRENT and 5.2.1 have no problem.
This appears to have been introduced as a result of changes to permit root
to bind raw sockets in jail. In particular, the likely control flow path
to get the above errors was to perform setsockopt() on a UDP socket, which
probably works its way down to in_control() to ip_ctloutput(). This would
also explain why sdr stopped working for me a little while ago (I figured
it was a bad package build). I've CC'd Christian as he might have some
insight into how to clean this up.
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Principal Research Scientist, McAfee Research