IP_NONLOCALOK improvements.
John Baldwin
jhb at freebsd.org
Wed May 27 15:42:29 UTC 2009
On Wednesday 27 May 2009 2:51:21 am Pawel Jakub Dawidek wrote:
> > I know how useful this is to have, (from my own experience)
> > but feel strongly that this is pretty bad behaviour for most systems
> > and can facilitate all sorts of security worries.
>
> Well, this behaviour is similar to adding an IP address to an
> interface and binding to that address. There is even no securelevel that
> denies modifying interfaces, so in my opinion if one needs to explicitly
> ask for this to be enabled for a socket and one needs a special
> privilege to do it, it should be enough protection to make user's life a
> bit less complex by not requiring kernel recompilation and sysctl
> modification.
>
> I'm not sure if this was on purpose, but currently even unprivileged
> user can use this functionality if the sysctl is on, which I find hard
> to accept. Having this always enabled and requiring a privilege is IMHO
> more secure than allowing anyone to use it once the sysctl is on.
> But again, combining the two (privilege and sysctl) is redundant IMHO.
I think it is fine to have it in the kernel by default if it is restricted by
privilege. I also agree that a root user could already accomplish this by
adding an alias to the desired interface and then binding the socket (and
then removing the alias if desired).
--
John Baldwin