>> On a related topic, there appears to be a code error in the
>> IPSEC code.
>>
>> Specifically, the priv flag is set to 1 if the user is root
>> and the socket is non-null (this lets the code be called
>> from the bridging code as well, so ignore the first half of
>> the "if" test, and concentrate on the "uid == 0" test).
>>
>> In the code that examines this flag, the comment is that it
>> is looking at whether or not the port is a privileged port,
>> not whether or not the user who owns it is root.
>>
>> This implies that the "rootness" check improperly flags any
>> ports opened by root, regardless of whether or not they are
>> privileged ports.

no, i guess you got something wrong. "uid == 0" check is used in ipsec code to control the behavior of policy lookups. it has nothing to do with "privileged port" (port number < 1024). if you need more discussions you'd need to specify the line numbers for the code you are worrying about.

itojun