Subject: bin/21261: identd(8) broken after sysctl(3) changes
To: None <gnats-bugs@gnats.netbsd.org>
From: Matthias Scheler <tron@colwyn.zhadum.de>
List: netbsd-bugs
Date: 04/22/2003 19:12:39
>Number:         21261
>Category:       bin
>Synopsis:       identd(8) broken after sysctl(3) changes
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Apr 22 17:13:01 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     
>Release:        NetBSD 1.6R (2003-04-22 sources)
>Organization:
Matthias Scheler                                  http://scheler.de/~matthias/
>Environment:
System: NetBSD lyssa.zhadum.de 1.6R NetBSD 1.6R (LYSSA) #0: Tue Apr 22 09:49:32 CEST 2003 tron@lyssa.zhadum.de:/src/sys/compile/LYSSA i386
Architecture: i386
Machine: i386
>Description:
Recently I noticed an error like the one below in my console window for each
outgoing e-mail:

Apr 22 18:13:44 lyssa identd[292]: k_getuid: sysctl 1 (-1)

After fixing the error output in identd(8) it looked like this:

Apr 22 18:56:32 lyssa identd[3696]: k_getuid: sysctl 1: Operation not permitted

This is caused by a recent (apparently untested) modification which changes
identd(8) to use sysctl(3) for retrieving the uid of a TCP connection.
Unfortunately sysctl(3) requires "root" privileges to retrieve this
information.

>How-To-Repeat:
Connect to a service that tries an RFC 1413 lookup.

>Fix:
Possible solutions:
- Revert changes to identd(8).
- Weaken the permission checks in "kern_sysctl.c" to line 180 to allow
  non "root" users to retrieve this information which probably causes
  other problems.
- Run identd(8) as "root".
>Release-Note:
>Audit-Trail:
>Unformatted: