Re: Proposed change to route(4) sockets to make them available to non-superuser
From: Garrett Wollman (wollman@khavrinen.lcs.mit.edu)
Date: 08/30/01
- Next message: FreeBSD Security Advisories: "FreeBSD Security Advisory FreeBSD-SA-01:58.lpd"
- Previous message: Garrett Wollman: "why does telnetd run as root?"
- In reply to: Ruslan Ermilov: "Re: Proposed change to route(4) sockets to make them available to non-superuser"
- Next in thread: Ronan Lucio: "Jail question"
- Reply: Ronan Lucio: "Jail question"
- Reply: Robert Watson: "Re: Proposed change to route(4) sockets to make them available to non-superuser"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 30 Aug 2001 14:20:16 -0400 (EDT) From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> To: Ruslan Ermilov <ru@FreeBSD.ORG>
<<On Thu, 30 Aug 2001 20:41:32 +0300, Ruslan Ermilov <ru@FreeBSD.ORG> said:
> + if (rtm->rtm_type != RTM_GET && so->so_cred->cr_uid != 0)
> + senderr(EACCES);
I'm certain rwatson would object to this. suser_xxx() allows checking
on the basis of credentials rather than a process, so that's what
should be used. In any case, the correct error is EPERM, not EACCES.
-GAWollman
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: FreeBSD Security Advisories: "FreeBSD Security Advisory FreeBSD-SA-01:58.lpd"
- Previous message: Garrett Wollman: "why does telnetd run as root?"
- In reply to: Ruslan Ermilov: "Re: Proposed change to route(4) sockets to make them available to non-superuser"
- Next in thread: Ronan Lucio: "Jail question"
- Reply: Ronan Lucio: "Jail question"
- Reply: Robert Watson: "Re: Proposed change to route(4) sockets to make them available to non-superuser"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
