Subject: Re: TCPCTL_IDENT (Was: CVS commit: src/etc)
To: None <email@example.com, firstname.lastname@example.org>
From: Simon Burge <email@example.com>
Date: 05/03/2003 10:29:02
Klaus Klein wrote:
> Noriyuki Soda <firstname.lastname@example.org> writes:
> > >>>>> On Fri, 02 May 2003 23:24:58 +1000,
> > Simon Burge <email@example.com> said:
> > >> And that might open another security problem
> > >> because any user can query the owner of any TCP connection now.
> > > I don't have any idea of security implications of this. Anyone know
> > > better?
> > It has been possible before TCPCTL_IDENT, by just using /usr/bin/fstat.
> But unlike TCPCTL_IDENT, fstat can be restricted easily by changing
> its file permissions (albeit coarsely).
I'd like to commit something based on the new code, as uses the
traditional sysctl() method of passing the query only in the MIB.
I can see three ways forward:
a) Use the current patch, but has a possible security implication.
b) Add an "is root" check to give current in-tree behaviour.
c) Add a knob (sysctl, kernel compile time?) to enable non-root
I also have plans to one day convert fstat to using sysctl()s, so
we're going to strike this problem again one day.
Maybe a number of sysctl's under kern.security? These could also
control allowing non-root users to look up process info for other
Maybe b) for now and I'll look at fleshing out c)?
Simon Burge <firstname.lastname@example.org>
NetBSD Support and Service: http://www.wasabisystems.com/