On Wed, Jul 29, 2020 at 09:05:14AM -0600, Theo de Raadt wrote:
> Claudio Jeker <[email protected]> wrote:
> > But:
> > $ route -T2 exec id -R
> > 2
> > $ route -T2 exec route -T0 exec id -R
> > route: setrtable: Operation not permitted
> >
> > Only root can change the rdomain if it is currently != 0.
>
> That worry was stated in my email, but not so accurately, thank you.
> So now you can't make a rdomain-0 !command in the global scope.

Indeed, my example was incomplete, but as netstart(8) runs as root this is not a problem - unless of course `!' commands do stuff as unprivileged users in foreign routing domains.

With that in mind, I'm getting more convinced that forcing the routing domain in hostname.if(5) is not feasible.
