From: "Carl Smith" <email@hidden>
To: <email@hidden>
Subject: Change to root uid
Date: Tue, 15 Feb 2005 10:23:14 -0500

Thanks for the reply, Peter. Yes, I guess I was too general in my
description.

What I am trying to accomplish is to have my NKE send packet statistics
to a userland/client application. Seeing as how I want this userland
application to be accessible by whoever signs on to the Mac, I do not want
to limit the ability of my userland application to talk to my NKE.

I register my NKE as follows:
"
struct kern_ctl_reg AFctl_reg;
bzero(&AFctl_reg, sizeof(AFctl_reg));
AFctl_reg.ctl_id = AFMAC_KERN_ID;
AFctl_reg.ctl_unit = 0;
AFctl_reg.ctl_flags = CTL_FLAG_PRIVILEGED;
AFctl_reg.ctl_sendsize = 0;
AFctl_reg.ctl_recvsize = 0;
AFctl_reg.ctl_connect = AFKernConnect;
AFctl_reg.ctl_disconnect = AFKernDisconnect;
AFctl_reg.ctl_write = AFClientKernXWrite;
AFctl_reg.ctl_set = NULL;
AFctl_reg.ctl_get = AFKernGet;
static kern_ctl_ref ctlref = 0; /* Reference of the kernel controller */
nReturn = ctl_register(&AFctl_reg, 0, &ctlref);
"
Then in user land I make the connection to the NKE as follows:
"
u_int32_t unit = 0;
int fd;
int result = 1;
struct sockaddr_ctl addr;

bzero(&addr, sizeof(addr));
addr.sc_len = sizeof(addr);
addr.sc_family = AF_SYSTEM;
addr.ss_sysaddr = AF_SYS_CONTROL;
addr.sc_id = AFMAC_KERN_ID; // unique registered creator ID
addr.sc_unit = unit;
fd = socket(PF_SYSTEM, SOCK_DGRAM, SYSPROTO_CONTROL);
if (fd >= 0) // socket() returns -1 on failure
{
    result = connect(fd, (struct sockaddr *)&addr, sizeof(struct sockaddr_ctl));
    /* ... and so on */
}"

My socket routine works fine, but I am failing on the connect with errno = 1
or EPERM.

My understanding is that with the unit value set in both the NKE and the
client, this is setting the ownership to root.

You said there are various mechanisms for the client to communicate with
the NKE. Maybe I am not using the correct mechanism or I am setting some
value incorrectly. Do you see anything in error?
I was basically following the example in the "About Network Kernel
Extensions" material.
Thanks
Carl
-----Original Message-----
From: Peter
Sent: Monday, February 14, 2005 7:17 PM
To: Carl
Cc: email@hidden
Subject: Re: Change to root uid
On Feb 14, 2005, at 6:35 PM, Carl Smith wrote:
> I have a NKE and a client that I want to talk to each other. If the client
> app is run as some user that might not be root, I still want my
> client/NKE to talk with each other, but it is my understanding that
> NKEs need to be set with root user options only. In this case I need
> to set the uid to root within my client application.
>
> Is this possible and if so could you point me in the right direction
> as to what APIs I need to be using?
The ownership/permissions of the nke need to be root/0755 for security
reasons but that doesn't mean that it "runs" as root. It runs in the
kernel and any user can talk to it, using various mechanisms. It's up
to you to make sure that the uid and/or application which talk to your
nke are suitable and appropriate for what you want to do.
Your client application does not need to be suid root, nor should you
(for usual activity) restrict your nke to a connection which can only
be made by someone logged in as root.
You haven't given us enough information to provide much more help than
this. The best thing would be to describe a bit more of what you're
trying to do.
Regards.....Peter
p.s. remember also that nke interfaces are subject to change, and Apple
presently discourages some of this development precisely because of the
version-to-version compatibility issues
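
Added example, not part of the original thread and not Apple's kernel code: a user-space C model of the connect-time decision discussed above, assuming that a control registered with the privileged flag accepts only root callers before its own connect callback is consulted. The `model_*` names, the group id and the sample users are constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Model only: stands in for CTL_FLAG_PRIVILEGED in the post's ctl_flags. */
#define MODEL_FLAG_PRIVILEGED 0x1u
#define MODEL_STATS_GID 80 /* constructed group allowed to read statistics */

struct model_client { uid_t uid; gid_t gid; }; /* identity of the connecting process */

struct model_ctl {
    unsigned flags;                                 /* like AFctl_reg.ctl_flags */
    int (*connect_cb)(const struct model_client *); /* like AFKernConnect */
};

/* Per-connection policy: root or members of the statistics group. */
int stats_group_only(const struct model_client *c)
{
    return (c->uid == 0 || c->gid == MODEL_STATS_GID) ? 0 : EACCES;
}

/* Connect-time decision: the flag gate runs before the control's own callback. */
int model_connect(const struct model_ctl *ctl, const struct model_client *c)
{
    if ((ctl->flags & MODEL_FLAG_PRIVILEGED) && c->uid != 0)
        return EPERM; /* errno = 1, as reported in the post */
    return ctl->connect_cb ? ctl->connect_cb(c) : 0;
}

/* Constructed sample registrations and callers. */
const struct model_ctl ctl_privileged = { MODEL_FLAG_PRIVILEGED, NULL };
const struct model_ctl ctl_open       = { 0, NULL };
const struct model_ctl ctl_group      = { 0, stats_group_only };
const struct model_client root_user   = { 0, 0 };
const struct model_client admin_user  = { 501, 80 };
const struct model_client guest_user  = { 502, 20 };

int main(void)
{
    /* Show how each registration treats a non-root caller. */
    printf("privileged, uid 501: %d\n", model_connect(&ctl_privileged, &admin_user));
    printf("open,       uid 502: %d\n", model_connect(&ctl_open, &guest_user));
    printf("group,      uid 501: %d\n", model_connect(&ctl_group, &admin_user));
    printf("group,      uid 502: %d\n", model_connect(&ctl_group, &guest_user));
    return 0;
}
```

With the flag cleared, the decision about who may read the statistics moves into the connect callback, which is where the reply above says that responsibility sits.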