Subject: Re: TCPCTL_IDENT (Was: CVS commit: src/etc)
To: Simon Burge <>
From: Matthias Scheler <>
List: tech-kern
Date: 05/02/2003 15:04:54
On Fri, May 02, 2003 at 10:53:20PM +1000, Simon Burge wrote:
> IMHO this isn't the right fix;

It's definitely not the best but it is a fix. The original submitter of
the TCPCTL_IDENT sysctl() unfortunately simply ignored the regression
caused by this.

> ... it's the TCPCTL_IDENT sysctl that is broken.

Yes, I agree. But fixing it isn't trivial.

> The sysctl uses the newp arg to pass input to lookup the pcb
> which is not how sysctl() is supposed to work.

I realized that.

> The following patch changes the sysctl to using only the mib for the
> query and works with "nobody:kmem" in /etc/inetd.conf.

Does it really need group "kmem"? I don't see anything in this patch
which enforces it. And that might open another security problem
because any user can query the owner of any TCP connection now.

	Kind regards

Matthias Scheler