On 23-Dec-1999 Tomi Manninen wrote:
> On Thu, 23 Dec 1999, Leszek A. Szczepanowski wrote:
>
>> Is ANY posibility to use unproto list (raw socket), running
>> FBB as ordinal user, not root? I was looking in kernel
>> sources, and found in AF_AX25 there is one 'suser' function
>> checking if user has priviledges to open such a socket.
>> I think it is uneseseary there, security solutions in this
>> case aren't needed! What a stupid reason. If I'll make
>> patch, to open raw socket for AX25 by any user, it will
>> be placed on this list.
>
> Please don't distribute such bugs on this list. There are good reasons for
> why the unix security model is as it is. Besides, doing what you want
> (running FBB as non-root) would be fairly simple to do the right way. If
> you want to be usefull, just help Jean-Paul in doing that.
>
Erm.. a "bug"? I am not at all sure that this is a "bug". I also cannot, for
the life of me, see why a "feature" of this sort cannot be discussed here.
I would like to hear the reasons why this feature is "root only", especially
bearing in mind that computers running ax25 should be amateur use only.
Running ax25 stacks on "commercially sensitive" machines especially with
ax25 programs running as root (UI generating or not) strikes me a security
exploit waiting to happen!
For the record, I too would like to be able to both receive and generate
UI frames from programs that are non-root. This is going to become an issue
during the course of the year with my DXSpider cluster program.
Dirk G1TLH
PS Anyone done a IO::Socket::AX25 for perl yet? Shall I do one?
--
Dirk-Jan Koopman, Tobit Computer Co Ltd
At the source of every error which is blamed on the computer you will find
at least two human errors, including the error of blaming it on the computer.
