Subject: Re: dhcpd(8) _cannot_ be completely disabled on an interface
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Andrew Brown <atatat@atatdot.net>
List: tech-security
Date: 01/08/2002 23:10:27
>>>>>>> [...IP_RECVIF...if_index...]
>
>I think it would be easy to make IP_RECVIF - or something similar,
>cloned from it, IP_RECVIFNAME maybe - give you the interface name
>instead of the number. Of course, it will be variable-size; this may
>complicate your userland code somewhat. Want me to try?
what about having it simply fill in (and return) a struct
sockaddr_storage? if you're game, go for it. i don't have a use for
it at the moment...
>>>> [panic upon experimenting with routing sockets]
>>> I'm inclined to agree with you in this case. But when you're
>>> running as root, the "userland being able to panic the machine is
>>> always a bug" dictum is no longer really valid; consider
>>> dd if=/dev/zero of=/dev/mem.
>> yes, but there's a vast difference between "if i do this, i intend to
>> shoot myself in the foot" and "i will try this and expect the kernel
>> to protect my foot" expectations.
>
>Oh, certainly. Just remarking that I have had a great deal of trouble
>codifying that the line between "that's a bug" and "so don't do that".
sure, okay. i could argue that i was mistakenly misusing an
established interface and expecting a little protection, but i could
have gone down the same path and done the exact same thing that i
originally did with the intention of crashing the machine and gotten
what i wanted.

if you expect something of the kernel, and it doesn't live up to it
(and no, dd'ing /dev/zero into /dev/mem is *not* something you can
expect the kernel to live up to), that is, in my mind, a bug.
--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
andrew@crossbar.com * "information is power -- share the wealth."