Subject: Re: TCPCTL_IDENT (Was: CVS commit: src/etc)
From: Simon Burge <>
List: tech-kern
Date: 05/03/2003 10:29:02

Klaus Klein wrote:

> Noriyuki Soda <> writes:
> > >>>>> On Fri, 02 May 2003 23:24:58 +1000,
> > 	Simon Burge <> said:
> > 
> > >> And that might open another security problem
> > >> because any user can query the owner of any TCP connection now.
> > 
> > > I don't have any idea of security implications of this.  Anyone know
> > > better?
> > 
> > It has been possible before TCPCTL_IDENT, by just using /usr/bin/fstat.
> But unlike TCPCTL_IDENT, fstat can be restricted easily by changing
> its file permissions (albeit coarsely).


I'd like to commit something based on the new code, as it uses the
traditional sysctl() method of passing the query only in the MIB.

I can see three ways forward:

 a)  Use the current patch, but it has a possible security implication.

 b)  Add an "is root" check to give current in-tree behaviour.

 c)  Add a knob (sysctl, kernel compile time?) to enable non-root

I also have plans to one day convert fstat to using sysctl()s, so
we're going to strike this problem again one day.

Maybe a number of sysctl's under  These could also
control allowing non-root users to look up process info for other
users, etc...

Maybe b) for now and I'll look at fleshing out c)?

Simon Burge                            <>
NetBSD Support and Service: