Integrate fping into Solaris [PSARC/2008/160 FastTrack timeout 03/05/2008]
Dan Hain
dan.hain at sun.com
Mon Mar 3 14:39:13 PST 2008
Scott Rotondo wrote:
> Gary Winiger wrote:
>>> Security Impact:
>>>
>>> The original code base used a raw socket to communicate and required root
>>> access (geteuid() == 0). This has been modified to call
>>> priv_ineffect(PRIV_NET_ICMPACCESS).
>>> All uses of geteuid/getuid/seteuid have been compiled out.
>>
>> I'm not sure what is being said here. If the code is checking
>> that it inherits net_icmpaccess, it shouldn't. It should just
>> make the system calls. If they fail, give a diagnostic and exit.
>
> Indeed. Sorry if my previous comment was unclear on this point.
>
> The man page should document the required privileges, but the code
> should just assume it has the necessary privileges, make the system
> calls, and report the errors that occur.
>
> Scott
My misunderstanding, thank you for clarifying that. The check has been
removed, and operation verified. I've updated the proposal to
identify that net_icmpaccess is required, and the man page has been
updated.
Thanks!
--
Dan Hain
Solaris Revenue Product Engineering (RPE)
http://namefinder/NameFinder?nfquery=-s+88796
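
The pattern the reviewers ask for in this thread, as an added example that is not fping's code and not part of the original messages: no geteuid() or priv_ineffect() test up front, just the system call and a diagnostic when it fails. The helper names are hypothetical, and treating EACCES or EPERM as the "privilege missing" errno is an assumption.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: turn a socket() errno into a diagnostic. A denied
 * raw socket (assumed to surface as EACCES or EPERM) points the user at
 * the privilege the man page documents; other errors are reported as-is. */
static const char *icmp_open_diag(int err, char *buf, size_t len)
{
    if (err == EACCES || err == EPERM)
        snprintf(buf, len, "can't create raw ICMP socket: %s "
                 "(the net_icmpaccess privilege is required)", strerror(err));
    else
        snprintf(buf, len, "can't create raw ICMP socket: %s", strerror(err));
    return buf;
}

/* Hypothetical helper: the kernel's answer to socket() is the only
 * authority on whether the process may open a raw ICMP socket.
 * Returns the descriptor, or -1 with *err_out set to the saved errno. */
static int open_icmp_socket(int *err_out)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    *err_out = (fd < 0) ? errno : 0;   /* save errno before any other call */
    return fd;
}

int main(void)
{
    char msg[160];
    int err;
    int fd = open_icmp_socket(&err);

    if (fd < 0) {
        fprintf(stderr, "%s\n", icmp_open_diag(err, msg, sizeof msg));
        return 1;                      /* give a diagnostic and exit */
    }
    /* The socket is usable; the ICMP echo logic itself is out of scope. */
    close(fd);
    return 0;
}
```

A pre-check can disagree with what the kernel actually enforces and adds a second place for the privilege logic to go stale; letting the call fail keeps one source of truth.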