Subject: Re: TCPCTL_IDENT (Was: CVS commit: src/etc)
To: Simon Burge <firstname.lastname@example.org>
From: Matthias Scheler <email@example.com>
Date: 05/02/2003 15:04:54
On Fri, May 02, 2003 at 10:53:20PM +1000, Simon Burge wrote:
> IMHO this isn't the right fix;
It's definitely not the best but it is a fix. The original submitter of
the TCPCTL_IDENT sysctl() unfortunately simply ignored the regression
caused by this.
> ... it's the TCPCTL_IDENT sysctl that is broken.
Yes, I agree. But fixing it isn't trivial.
> The sysctl uses the newp arg to pass input to lookup the pcb
> which is not how sysctl() is supposed to work.
I realized that.
> The following patch changes the sysctl to using only the mib for the
> query and works with "nobody:kmem" in /etc/inetd.conf.
Does it really need group "kmem"? I don't see anything in this patch
which enforces it. And that might open another security problem
because any user can query the owner of any TCP connection now.
Matthias Scheler http://scheler.de/~matthias/