[radvd-devel-l] Radvd problem with non-root: config_interface() fails
Jim Paris
jim at jtan.com
Mon Jan 21 02:18:43 EST 2008
Pekka Savola wrote:
> Jul 4 06:37:12 orion radvd[2829]: failed to set CurHopLimit (64) for eth0
>
> This stems from the fact that config_interface() wants to modify /proc
> entries which are not writable except by root.
>
> Unfortunately I don't see an easy way to fix this. We could drop root
> privileges later (which in turn would require shuffling code around
> quite a bit), but if config changed, new configuration couldn't get
> activated after SIGHUP. A more comprehensive solution would be
> splitting the radvd process to a root-running "master process" and
> nonroot "worker process" (like e.g. openssh does) and a signalling
> channel between them but that would require lots of code.
>
> Are there other options how to proceed?

A similar idea to your "master/worker", but much easier to code, would
be to create a setuid helper binary. The helper would verify the
invoking username against a compiled-in default, check the parameter
ranges against some sane limits, and then make the changes. Spawning
this process wouldn't be the most efficient thing in the world, but
it's infrequent.

This bug hit me today -- I was trying to figure out why Firefox was
stalling on certain websites, and it turns out that it's an MTU/MSS
issue with my 6to4 tunnel, and presumably routers along the way that
filter PMTU discovery or something. Radvd was supposed to be setting
the MTU to 1480, but that never happened and most sites worked fine,
so I didn't notice.
-jim