On Tue, Apr 15, 2008 at 04:41:15PM +0200, Martin Pels wrote:
> Depending on whether IP_HDRINCL is defined net_preopen() creates an
> icmp and udp socket, or a single raw socket.
>
> If we have two sockets it is trivial to close them in
> net_selectsocket(). This is actually what I did in the first version of
> the patch I sent you last year (attached for completeness).
> If we only have a single raw socket there is nothing we need to close.
>
> Closing sockets will inevitably break the GUI "u" command, because
> after we drop privileges we cannot open new sockets. So maybe we should
> only enable this functionality when raw sockets are available.

OK. Why then was the opening of the sockets delayed to after the
parsing of the cmdline?

This is the problem: Lots of complicated code which might be
exploited. I feel much more comfortable passing one (or two) open
sockets down the line towards the rest of the code....

	Roger.

--
** [EMAIL PROTECTED] ** http://www.BitWizard.nl/ ** +31-15-2600998 **
**    Delftechpark 26 2628 XH  Delft, The Netherlands. KVK: 27239233    **
*-- BitWizard writes Linux device drivers for any device you may have! --*
Q: It doesn't work. A: Look buddy, doesn't work is an ambiguous statement.
Does it sit on the couch all day? Is it unemployed? Please be specific!
Define 'it' and what it isn't doing. --------- Adapted from lxrbot FAQ
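
The ordering discussed in this thread (open the privileged socket first, drop privileges, and only then parse the command line), as an added example that is not part of the original messages and not the project's code. It assumes a set-uid-root binary on a POSIX system; `open_raw_icmp()` and `drop_privileges()` are hypothetical helper names.

```c
/* Added example: privileged socket first, untrusted input afterwards.
 * open_raw_icmp() and drop_privileges() are hypothetical helper names. */
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Needs root (or CAP_NET_RAW). Returns the fd, or -1 with errno set. */
int open_raw_icmp(void)
{
    return socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
}

/* Permanently give up set-uid root. Returns 0 on success, -1 if the
 * drop failed or root could still be regained afterwards. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    /* Group first: after setuid() we may no longer be allowed to. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* Verify the drop: a non-root user must not get root back. */
    if (ruid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    if (getuid() != ruid || geteuid() != ruid || getegid() != rgid)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    int fd = open_raw_icmp();         /* 1: the only privileged step */
    int saved_errno = errno;
    if (drop_privileges() != 0) {     /* 2: before argv is looked at */
        fprintf(stderr, "cannot drop privileges\n");
        return 2;
    }
    if (fd < 0) {
        fprintf(stderr, "raw socket: %s\n", strerror(saved_errno));
        return 1;
    }
    /* 3: command-line parsing runs unprivileged, holding only fd */
    for (int i = 1; i < argc; i++)
        printf("arg %d: %s\n", i, argv[i]);
    close(fd);
    return 0;
}
```

A socket closed after step 2 cannot be reopened by an unprivileged user, which is the constraint on the "u" command raised in the quoted message.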