On Tue, Apr 15, 2008 at 05:56:36PM +0200, Martin Pels wrote:
> On Tue, 15 Apr 2008 17:15:18 +0200
> Rogier Wolff <[EMAIL PROTECTED]> wrote:
> 
> > On Tue, Apr 15, 2008 at 04:41:15PM +0200, Martin Pels wrote:
> > > Depending on whether IP_HDRINCL is defined net_preopen() creates an
> > > icmp and udp socket, or a single raw socket. 
> > > 
> > > If we have two sockets it is trivial to close them in
> > > net_selectsocket(). This is actually what I did in the first
> > > version of the patch I sent you last year (attached for
> > > completeness). If we only have a single raw socket there is nothing
> > > we need to close.
> > > 
> > > Closing sockets will inevitably break the GUI "u" command, because
> > > after we drop privileges we cannot open new sockets. So maybe we
> > > should only enable this functionality when raw sockets are
> > > available.
> > 
> > OK. Why then was the opening of the sockets delayed to after the
> > parsing of the cmdline? This is the problem: Lots of complicated code
> > which might be exploited. I feel much more comfortable passing one (or
> > two) open sockets down the line towards the rest of the code....
> 
> It is not. We open sockets on line 290, drop privileges on line
> 295 and start parsing options and arguments on line 310.

In my version we currently open sockets on line 327, drop permissions
on line 333, and call srand and further things around 345. Which
version are you looking at? (I'm in my 0.74 directory, which is
currently the same as the released 0.73.)

        Roger. 


-- 
** [EMAIL PROTECTED] ** http://www.BitWizard.nl/ ** +31-15-2600998 **
**    Delftechpark 26 2628 XH  Delft, The Netherlands. KVK: 27239233    **
*-- BitWizard writes Linux device drivers for any device you may have! --*
Q: It doesn't work. A: Look buddy, doesn't work is an ambiguous statement. 
Does it sit on the couch all day? Is it unemployed? Please be specific! 
Define 'it' and what it isn't doing. --------- Adapted from lxrbot FAQ
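
The startup order discussed in this thread (open the raw socket, drop privileges, only then parse the command line), as an added C example that is not part of the original messages and is not mtr's code. The helper names open_raw_icmp() and drop_privileges() are hypothetical, and the sketch assumes a set-uid root binary on a POSIX system.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Step 1 (hypothetical helper): acquire the privileged resource first.
 * Needs root or CAP_NET_RAW; returns the fd, or -1 on failure. */
int open_raw_icmp(void)
{
    return socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
}

/* Step 2 (hypothetical helper): give up set-uid root for good.
 * Returns 0 only if the drop was verified, -1 otherwise. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* Group first: once the uid is dropped we may no longer change gid. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* For a non-root caller, getting root back must now fail. */
    if (ruid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

int main(int argc, char **argv)
{
    int fd = open_raw_icmp();          /* still privileged here */
    if (fd < 0)
        perror("raw socket");

    if (drop_privileges() != 0) {      /* never continue with root */
        fprintf(stderr, "could not drop privileges\n");
        return 1;
    }

    /* Step 3: only now touch attacker-controlled input. */
    for (int i = 1; i < argc; i++)
        printf("arg %d: %s\n", i, argv[i]);

    /* A socket opened before the drop stays usable; a new one does not. */
    if (getuid() != 0 && open_raw_icmp() < 0)
        printf("new raw socket refused after drop, as expected\n");
    if (fd >= 0)
        close(fd);
    return 0;
}
```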


