>> On a related topic, there appears to be a code error in the
>> IPSEC code.
>> 
>> Specifically, the priv flag is set to 1 if the user is root
>> and the socket is non-null (this lets the code be called
>> from the bridging code as well, so ignore the first half of
>> the "if" test, and concentrate on the "uid == 0" test).
>> 
>> In the code that examines this flag, the comment is that it
>> is looking at whether or not the port is a privileged port,
>> not whether or not the user who owns it is root.
>> 
>> This implies that the "rootness" check improperly flags any
>> ports opened by root, regardless of whether or not they are
>> privileged ports.

        no, i guess you got something wrong.  "uid == 0" check is used in ipsec
        code to control the behavior of policy lookups.  it has nothing to do
        with "privileged port" (port number < 1024).
        if you need more discussions you'd need to specify the line numbers
        for the code you are worrying about.

itojun

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message