In article <f774484b-a4ff-46dc-a925-4ba5f62bf...@zoulas.com>,
Christos Zoulas <chris...@zoulas.com> wrote:
>>
>> Anyone can open PF_ROUTE and read from it or write RTM_GET.
>> However, you need to have it opened as root to write any other operations.
>> Do we have a means of testing that without writing to the socket?
>> I'm guessing no.
>>
>> I suppose we could enforce testing if SCM_CREDENTIALS passed uid root
>> or same uid as blacklistd is running as or maybe even one that matches a
>> rule in blacklistd.conf?
>>
>> Roy
>
>Yes, I saw that. I tried a 0 length write and I got ENOBUFS. I was going to fix
>the 0 length write to be a permissions check.

Actually there is a better way; we can issue an invalid request :-)

christos