Integrate fping into Solaris [PSARC/2008/160 FastTrack timeout 03/05/2008]
Bart Blanquart
Bart.Blanquart at sun.com
Thu Feb 28 10:39:50 PST 2008
On 28 Feb 2008, at 19:00, Dan Hain wrote:
> Casper.Dik at Sun.COM wrote:
>>> The effective uid must be root to run the program. In addition,
>>> if the "-f" flag is specified, you really have to be root.
>> That is incorrect. (At least, it is bad for the program to
>> enforce this;
>> it MUST just attempt the system calls and have those fail or
>> verify privileges but that is a relatively poor choice).
>>
> All the "-f" protects are the fopen(), fgets(), fclose() for
> reading the specified file.
>>
>> Which privileges does it need for which functions?
>>
> 1. geteuid() == 0, open raw socket, then the euid is reset
> immediately: seteuid( getuid() )
It should just try opening the raw socket. The uid itself does not
indicate if opening the socket will succeed (or if it is allowed),
the privileges the process has determine that.
> 2. Subsequent parsing of the command line then checks getuid() == 0
> if the "-f" option is specified.
> 3. getuid()==0 is also checked if:
> interval specified is less than 1 second ("-i" option)
> per host interval is less than 2 seconds ("-p" option)
> timeout interval is less than 5 seconds ("-t" option)
> retry limit is greater than 20 ("-r" option)
These sound as though, if they're needed at all, they should be
replaced with one or more authorization checks.
(cf. chkauthattr(3SECDB))
Bart
More information about the opensolaris-arc
mailing list