[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

documentation/3631: securelevel(7) does not comment about 'net.inet.ip.sourceroute'

To: gnats@openbsd.org
Subject: documentation/3631: securelevel(7) does not comment about 'net.inet.ip.sourceroute'
From: Ryan.Leslie@diesel.routed.net
Date: Wed, 7 Jan 2004 16:49:59 -0500 (EST)
Resent-Date: Wed, 7 Jan 2004 15:10:03 -0700 (MST)
Resent-From: gnats@cvs.openbsd.org (GNATS Filer)
Resent-Message-Id: <200401072210.i07MA3cc001252@cvs.openbsd.org>
Resent-Reply-To: gnats@cvs.openbsd.org, ryan.leslie@binghamton.edu
Resent-To: bugs@cvs.openbsd.org

>Number:         3631
>Category:       documentation
>Synopsis:       securelevel(7) does not comment about 'net.inet.ip.sourceroute'
>Confidential:   yes
>Severity:       non-critical
>Priority:       low
>Responsible:    bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          doc-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jan 07 22:10:01 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Ryan Leslie
>Release:        
>Organization:
net
>Environment:
	System      : OpenBSD 3.3
	Architecture: OpenBSD.sparc64
	Machine     : sparc64
>Description:

    The net.inet.ip.sourceroute kernel variable cannot be changed when kern.securelevel > 0, 
but securelevel(7) gives no reference to this behavior. I think it could be helpful to some
system administrators if this were noted in the manual. /usr/src/sys/netinet/ip_input.c does
have a comment on it:

case IPCTL_SOURCEROUTE:
        /*
         * Don't allow this to change in a secure environment.
         */
        if (newp && securelevel > 0)
                return (EPERM);

Thanks,

Ryan


>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:

Prev by Date: Re: documentation/3626
Next by Date: Card Termination Info, application
Prev by thread: Re: documentation/3626
Next by thread: Card Termination Info, application
Index(es):
- Date
- Thread