tech-kern: Re: TCPCTL_IDENT (Was: CVS commit: src/etc)

Subject: Re: TCPCTL_IDENT (Was: CVS commit: src/etc)
To: Simon Burge <simonb@wasabisystems.com>
From: Matthias Scheler <tron@zhadum.de>
List: tech-kern
Date: 05/02/2003 15:04:54

On Fri, May 02, 2003 at 10:53:20PM +1000, Simon Burge wrote:
> IMHO this isn't the right fix;

It's definitely not the best but it is a fix. The original submitter of
the TCPCTL_IDENT sysctl() unfortunately simply ignored the regression
caused by this.

> ... it's the TCPCTL_IDENT sysctl that is broken.

Yes, I agree. But fixing it isn't trivial.

> The sysctl uses the newp arg to pass input to lookup the pcb
> which is not how sysctl() is supposed to work.

I realized that.

> The following patch changes the sysctl to using only the mib for the
> query and works with "nobody:kmem" in /etc/inetd.conf.

Does it really need group "kmem"? I don't see anything in this patch
which enforces it. And that might open another security problem
because any user can query the owner of any TCP connection now.

	Kind regards

-- 
Matthias Scheler                                  http://scheler.de/~matthias/