DragonFly commits List (threaded) for 2008-07
DragonFly BSD
DragonFly commits List (threaded) for 2008-07
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: cvs commit: src/sys/netinet raw_ip.c


From: Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx>
Date: Sat, 5 Jul 2008 11:29:49 -0700 (PDT)

:>     sys/netinet          raw_ip.c 
:>   Log:
:>   Fix [gs]etsockopt(IP_HDRINCL) which allows mere mortals like me to obtain
:>   IP addresses via DHCP again.
:
:Great. Only, it turns out the whole approach is flawed. Setting sopt_td to
:NULL may help with fooling sooptcopy{in,out} but some code uses the field
:to do permission checks. The obvious fix is to add ->sopt_flags and SOPTF_KVA
:and make sure no code in the tree leaves the new field uninitialized (lecture
:on why open-coding stuff is BAD ommitted). This means that soopt_{from,to}_*
:can go. This patch should do the trick; unless testing reveals some issue
:I'm going to revert my changes from HEAD and put it in ASAP so it can get
:wider testing before the release.
:
:Sorry for the inconvenience,
:Aggelos

    It kinda sounds to me that the front-end system call should do all the
    copyin/copyout into and out of kernel space and the backend protocol
    code should just operate in the kernel space.  The system call can
    pass a ucred to the backend for permissions checks.

    That would be more along the lines of what we do with our kern_*()
    calls.

						-Matt



[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]