Subject: Re: bin/35479: /usr/sbin/timedc fails
To: None <gnats-bugs@NetBSD.org, netbsd-bugs@NetBSD.org>
From: Christian Biere <christianbiere@gmx.de>
List: netbsd-bugs
Date: 01/25/2007 23:16:21
Woodchuck wrote:
> In other words, the OpenBSD hosts are *rejecting* a connection attempt
> from a privileged socket. That makes a certain kind of paranoid sense.
I don't see any such checks in code. Are you sure it's not just the
firewall? Also packets from unprivileged ports are certainly not more
trustworthy than those from privileged ports. If you want to differ at
all than it's rather vice-versa.
> I notice that timedc is setuid 0 on NetBSD, (obviously, to get that
> privileged socket), but is not setuid on OpenBSD (which uses an unprivileged
> one).
No, it's not just for this socket but rather for the raw socket.
> If an unprivileged socket is appropriate, then NetBSD could also
> lose the setuid property, generally a good thing to lose if unnecessary.
Can you use timedc as non-root on OpenBSD at all? I would think there's no
need to but I doubt not dropping privileges at all is better.
--
Christian