misc/64694: UID/GID matching in ipfw non-functional

Robert Watson rwatson at FreeBSD.org
Mon Mar 29 10:40:03 PST 2004


The following reply was made to PR misc/64694; it has been noted by GNATS.

From: Robert Watson <rwatson at FreeBSD.org>
To: Grant Millar <Co0lkizz at btinternet.com>
Cc: freebsd-gnats-submit at FreeBSD.org
Subject: Re: misc/64694: UID/GID matching in ipfw non-functional
Date: Mon, 29 Mar 2004 13:33:21 -0500 (EST)

 On Sat, 27 Mar 2004, Grant Millar wrote:
 
 >  Here is the ssh socket showing it owned by root;
 >  sshd     4722  root    5u  IPv4 0xdcd94940      0t0  TCP
 >  66.90.98.2:ssh->host81-128-227-64.inaddr.btopenworld.com:22804
 >  (ESTABLISHED)
 
 sshd and httpd sockets are owned by root because these daemons bind the
 sockets while running with root privilege, and the "owner" of a socket is
 its creator.  This is a necessary evil for at least a couple of reasons,
 including the following: a single socket may be referenced by many
 processes, and therefore there is no notion of a "current process using
 socket", so the only consistent notion is the creator.  This was an
 intentional design choice by the designers of the sockets API, who chose
 to represent network endpoints as file-like objects, and the existing UNIX
 APIs allow file object references to be inherited and transferred from
 process to process (and be shared).
 
 There's arguably a bug, however, in sshd: while the primary port 22
 binding is necessarily created by a root process due to the UNIX notion of
 privilege, the SSH "forwarded ports" do *not* need to be bound by the root
 user.  It's a bug in sshd that it creates the sockets before switching to
 the user credential; I've previously reported this bug to the SSH authors
 but have not seen a response on that. 
 
 Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
 robert at fledge.watson.org      Senior Research Scientist, McAfee Research
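
The point made in the message above, as an added example that is not part of the original e-mail and is not sshd code: a parent creates a listening socket, forks, and the child (after switching to an unprivileged uid when started as root) keeps using the very same socket. The names `shared_socket_demo`, `local_port` and `DEMO_ID` are hypothetical, and uid/gid 65534 is an assumed unprivileged account.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define DEMO_ID 65534 /* assumption: an unprivileged uid/gid ("nobody") */
/* Local port of a bound socket, or -1 on error. */
static int local_port(int fd) {
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    if (getsockname(fd, (struct sockaddr *)&sa, &len) != 0) return -1;
    return ntohs(sa.sin_port);
}

/* The parent creates a listening socket and forks. The child switches to
 * DEMO_ID when it has root, then reports {port, euid} for the descriptor it
 * inherited. Returns 1 if both hold the same socket, 0 if not, -1 on error. */
int shared_socket_demo(uid_t *creator, uid_t *user) {
    struct sockaddr_in sa = { .sin_family = AF_INET,
                              .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    int pfd[2], msg[2] = { -1, -1 };
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0 || pipe(pfd) != 0) return -1;
    /* sin_port is 0, so the kernel picks a free port */
    if (bind(s, (struct sockaddr *)&sa, sizeof(sa)) != 0 || listen(s, 1) != 0) return -1;
    int port = local_port(s);
    *creator = geteuid(); /* credential in effect when the socket was created */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { /* child: same socket, possibly a different credential */
        if (geteuid() == 0 && (setgid(DEMO_ID) != 0 || setuid(DEMO_ID) != 0)) _exit(1);
        int out[2] = { local_port(s), (int)geteuid() };
        _exit(write(pfd[1], out, sizeof(out)) == (ssize_t)sizeof(out) ? 0 : 1);
    }
    close(pfd[1]);
    ssize_t n = read(pfd[0], msg, sizeof(msg));
    waitpid(pid, NULL, 0);
    close(pfd[0]);
    close(s);
    if (n != (ssize_t)sizeof(msg)) return -1;
    *user = (uid_t)msg[1];
    return port > 0 && msg[0] == port;
}

int main(void) {
    uid_t c = 0, u = 0;
    int same = shared_socket_demo(&c, &u);
    printf("same socket: %d, created by uid %d, used by uid %d\n", same, (int)c, (int)u);
    return same == 1 ? 0 : 1;
}
```

Run as root, the two uids differ while the socket is the same one, which is the situation shown for sshd in the quoted output. The child here does not reset supplementary groups, which a real daemon would do before `setgid`.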
 

