Hi Alexander, 2015-08-09 14:55 GMT+02:00 Alexander Kabaev <kab...@gmail.com>: > On Sun, 9 Aug 2015 09:37:13 +0200 > It most definitely does work, this is what I have done to get my > network scripts work again. I wonder if there are other means of > restricting raw sockets that can be used to achieve the result > authors of rtsold had hoped or?
Yes, there sure are. We could for example call cap_rights_limit() on the socket and whitelist the exacty set of actions that the program needs. That said, it wouldn't make a difference in the end. It looks like rtsol/rtsold don't seem to drop any privileges or switch credentials after startup, assuming I haven't overlooked anything. Even if we were to restrict the raw socket, the process could always open a new one later on. I think it would make sense for now to just commit the patch that I proposed. Will push it into the tree tomorrow. Thanks, -- Ed Schouten <e...@nuxi.nl> Nuxi, 's-Hertogenbosch, the Netherlands KvK/VAT number: 62051717 _______________________________________________ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
