svn commit: r186955 - in head/sys: conf netinet

Max Laier max at love2party.net
Fri Jan 9 10:09:03 PST 2009 

On Friday 09 January 2009 18:46:06 Julian Elischer wrote:
> Max Laier wrote:
> > On Friday 09 January 2009 17:02:19 Adrian Chadd wrote:
> >> Author: adrian
> >> Date: Fri Jan  9 16:02:19 2009
> >> New Revision: 186955
> >> URL: http://svn.freebsd.org/changeset/base/186955
> >>
> >> Log:
> >>   Implement a new IP option (not compiled/enabled by default) to allow
> >>   applications to specify a non-local IP address when bind()'ing a
> >> socket to a local endpoint.
> >
> > That's a *socket* option ... you had me very worried there for a moment
> > ;)  I don't quite see why you'd hide these under a build time option -
> > having the sysctl defaulting to off under CTLFLAG_SECURE seems good
> > enough - if people disagree - make it a boot time tuneable, but I
> > certainly don't see why you should have to rebuild the kernel for a minor
> > thing like this.  It certainly isn't performance critical.
>
> because it can be a big security hole and you do not want people to
> have it available on the average machine.
> Also because purists complained about it.
> You'll notice that the compile option enables the sysctl,
> which is used to turn on and off the capacity to do this per socket.
> so the admin can disable it, but I felt a lot more comfortable having
> it not compiled in by default.

Speaking of disabling it ... setting the sysctl to 0 is not really enough to 
do that.  One would also have to walk through the active sockets and GC any 
that are bound to nonlocal addresses to really disable it ... or do we rely on 
tcpdrop or the like to do that manually?  Of course it would make sense to 
have something like this:  start tproxy, bind forwarding ports, disable 
sysctl, raise securelevel

In addition, should there be a priv(9) check in ip_ctloutput?

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

More information about the svn-src-all mailing list