>
> Anyone can open PF_ROUTE and read from it or write RTM_GET.
> However, you need to have it opened as root to write any other operations.
> Do we have a means of testing that without writing to the socket?
> I'm guessing no.
>
> I suppose we could enforce testing if SCM_CREDENTIALS passed uid root or same uid as blacklistd is running as or maybe even one that matches a rule in blacklistd.conf?
>
> Roy

Yes, I saw that. I tried a 0 length write and I got ENOBUFS. I was going to fix the 0 length write to be a permissions check.

christos
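The credential check floated in the quoted message, sketched as an added example that is not part of the original thread and is not blacklistd code. It assumes the Linux `SO_PASSCRED`/`SCM_CREDENTIALS` interface; `sender_allowed`, `recv_with_uid`, `rule_uids` and the socketpair exchange are hypothetical names and constructed input.

```python
import os
import socket
import struct

# pid, uid, gid: layout of the Linux struct ucred carried in SCM_CREDENTIALS.
UCRED = struct.Struct("iII")


def sender_allowed(uid, daemon_uid, rule_uids=frozenset()):
    """Policy from the thread: root, the daemon's own uid, or a uid named by
    a rule (rule_uids is a stand-in for matching against blacklistd.conf)."""
    return uid is not None and (uid == 0 or uid == daemon_uid or uid in rule_uids)


def recv_with_uid(sock, bufsize=1024):
    """Return (payload, sender_uid). sender_uid is None when the kernel
    attached no credentials or the control buffer was truncated."""
    data, ancdata, flags, _ = sock.recvmsg(bufsize, socket.CMSG_SPACE(UCRED.size))
    if flags & socket.MSG_CTRUNC:
        return data, None
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            _pid, uid, _gid = UCRED.unpack(cdata[:UCRED.size])
            return data, uid
    return data, None  # nothing attached: treat the sender as unauthenticated


def demo(pass_creds=True):
    """Constructed exchange: a report sent to ourselves over a socketpair."""
    rx, tx = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    with rx, tx:
        if pass_creds:
            # Ask the kernel to attach the sender's credentials to each message.
            rx.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
        tx.send(b"constructed report")
        data, uid = recv_with_uid(rx)
    return data, uid, sender_allowed(uid, daemon_uid=os.getuid())


if __name__ == "__main__":
    print(demo())                   # credentials present, uid checked
    print(demo(pass_creds=False))   # no credentials, message rejected
```

The uid comes from the kernel rather than from the message body, so the check does not depend on anything the sender wrote into the payload.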