IP_NONLOCALOK improvements.

John Baldwin jhb at freebsd.org
Wed May 27 15:42:29 UTC 2009

On Wednesday 27 May 2009 2:51:21 am Pawel Jakub Dawidek wrote:
> > I know how useful this is to have, (from my own experience)
> > but feel strongly that this is pretty bad behaviour for most systems
> > and can facilitate all sorts of security worries.
> Well, this behaviour is similar to adding an IP address to an
> interface and binding to that address. There is even no securelevel that
> denies modifying interfaces, so in my opinion if one needs to explicitly
> ask for this to be enabled for a socket and one needs a special
> privilege to do it, it should be enough protection to make user's life a
> bit less complex by not requiring kernel recompilation and sysctl
> modification.
> I'm not sure if this was on purpose, but currently even an unprivileged
> user can use this functionality if the sysctl is on, which I find hard
> to accept. Having this always enabled and requiring a privilege is IMHO
> more secure than allowing anyone to use it once the sysctl is on.
> But again, combining the two (privilege and sysctl) is redundant IMHO.

I think it is fine to have it in the kernel by default if it is restricted by 
privilege.  I also agree that a root user could already accomplish this by 
adding an alias to the desired interface and then binding the socket (and 
then removing the alias if desired).

John Baldwin

More information about the freebsd-arch mailing list