On Tue, 12 Oct 2004, Giorgos Keramidas wrote: > On 2004-10-11 16:31, Robert Watson <[EMAIL PROTECTED]> wrote: > > + * NOTE: Regarding access control. Raw sockets may only be created by > > + * privileged processes; however, as a result of jailed processes and the > > + * ability for processes to downgrade privilege yet retain a reference to the > > + * raw socket. As such, explicit access control is required here, or when > > + * unimplemented requests are passed to ip_ctloutput(), are required there. > > Can we rewrite this descriptive comment a bit? I can't really > understand what is being said by reading the comment. Reading the diff > of the source is easy, but we should try to make the comment more > comprehensible too ;-)
Maybe something like the following: * IMPORTANT NOTE regarding access control: Traditionally, raw sockets * could only be created by a privileged process, and as such, socket * option operations to manage system properties on any raw socket were * allowed to take place without explicit additional access control * checks. However, raw sockets can now also be created in jail(), and * therefore explicit checks are now required. Likewise, raw sockets can * be used by a process after it gives up privilege, so some caution is * required. For options passed down to the IP layer via ip_ctloutput(), * checks are assumed to be performed in ip_ctloutput() and therefore no * check occurs here. Unilaterally checking suser() here breaks normal IP * socket option operations on raw sockets. * * When adding new socket options here, make sure to add access control * checks here as necessary. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects [EMAIL PROTECTED] Principal Research Scientist, McAfee Research _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
