Another place for securelevel?

Cees de Groot (C.deGroot@inter.nl.net)
Mon, 26 Feb 1996 12:32:42 +0100


Hi,

I was busy getting myself into firewalling, and I thought this might be a
useful patch:
>>>>>>>>>>>>>>>
--- ip_sockglue.c.ori Mon Feb 26 12:27:50 1996
+++ ip_sockglue.c Mon Feb 26 12:28:00 1996
@@ -387,7 +387,7 @@
case IP_FW_POLICY_IN:
case IP_FW_POLICY_OUT:
case IP_FW_POLICY_FWD:
- if(!suser())
+ if(!suser() || securelevel > 0)
return -EPERM;
if(optlen>sizeof(tmp_fw) || optlen<1)
return -EINVAL;
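Review bot: The changed line `if(!suser() || securelevel > 0)` now returns -EPERM to the superuser as well, and nothing in the hunk says so; a one-line comment above the check stating that firewall changes are deliberately refused to root once securelevel is above 0 would keep a later reader from "fixing" it. The visible context shows only the IP_FW_POLICY_IN, IP_FW_POLICY_OUT and IP_FW_POLICY_FWD labels directly above the check, so please confirm that every firewall-modifying option in this switch falls through to the same test; any case that reaches its own `suser()` check elsewhere would still be changeable at securelevel > 0. The freeze also depends on the rules being loaded before securelevel is raised and on securelevel not being lowerable afterwards, neither of which is visible here, so that ordering belongs in the patch description.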
<<<<<<<<<<<<<<<

This effectively freezes your firewall configuration after boot, so the bad
guys can't open your net even if they manage to hack into your firewall machine.

Comments?

Regards

Cees

-- 
Cees de Groot                                        <C.deGroot@inter.NL.net>
OpenLink Software, Inc.