On Tue, 12 Oct 2004, Christian S.J. Peron wrote: > First off, allow me to apologize for the delay, I have been away for > Thanks giving weekend. This patch looks like it fixes most of the > problems. I should have thought of this when I committed the credential > checks, sorry about that! > > I am testing this patch right now, and I will report any success > failures I experience.
No problem on the delay, and thanks for testing. It appears to resolve the problem for me locally (for example, mtrace now works as non-root. My primary concern with the fix is making sure it doesn't introduce security holes -- i.e., I didn't miss any cases to put a suser() in front of, etc, or implications of passing it down to in_control() without further checks. As we discussed when starting the work to refine the raw socket protections, the implications of these changes can be very subtle but pretty significant, so requires a lot of thinking and testing :-). Thanks! Robert N M Watson FreeBSD Core Team, TrustedBSD Projects [EMAIL PROTECTED] Principal Research Scientist, McAfee Research _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
