tech-userlevel archive


Re: blacklisting nodes that probe non-existent nodes



In article <F774484B-A4FF-46DC-A925-4BA5F62BFBAA%zoulas.com@localhost>,
Christos Zoulas  <christos%zoulas.com@localhost> wrote:
>> 
>> Anyone can open PF_ROUTE and read from it or write RTM_GET.
>> However, you need to have it opened as root to write any other operations.
>> Do we have a means of testing that without writing to the socket?
>> I'm guessing no.
>> 
>> I suppose we could enforce testing if SCM_CREDENTIALS passed uid root
>> or same uid as blacklistd is running as or maybe even one that matches a
>> rule in blacklistd.conf?
>> 
>> Roy
>
>Yes, I saw that. I tried a 0 length write and I got ENOBUFS. I was going to fix
>the 0 length write to be a permissions check.

Actually there is a better way; we can issue an invalid request :-)

christos


