IP options broken for raw sockets on cred downgrade (was: Re:
why required root privileges to set multicast options now?)
Robert Watson
rwatson at freebsd.org
Tue Oct 12 01:46:54 PDT 2004
On Tue, 12 Oct 2004, Christian S.J. Peron wrote:
> First off, allow me to apologize for the delay, I have been away for
> Thanks giving weekend. This patch looks like it fixes most of the
> problems. I should have thought of this when I committed the credential
> checks, sorry about that!
>
> I am testing this patch right now, and I will report any success
> failures I experience.
No problem on the delay, and thanks for testing. It appears to resolve
the problem for me locally (for example, mtrace now works as non-root. My
primary concern with the fix is making sure it doesn't introduce security
holes -- i.e., I didn't miss any cases to put a suser() in front of, etc,
or implications of passing it down to in_control() without further checks.
As we discussed when starting the work to refine the raw socket
protections, the implications of these changes can be very subtle but
pretty significant, so requires a lot of thinking and testing :-).
Thanks!
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Principal Research Scientist, McAfee Research
More information about the freebsd-net
mailing list