[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

/dev/pf perms and oidentd non-privileged

To: tech@openbsd.org
Subject: /dev/pf perms and oidentd non-privileged
From: David Wollmann <dwollmann@puttybox.com>
Date: Thu, 25 Jul 2002 14:14:44 -0500
Content-Disposition: inline
User-Agent: Mutt/1.3.25i

I need a NAT-compatible identd due to the fact that I'm on a cable
network with a bad reputation for failing to smack down kiddies who
abuse IRC servers.

In the past I've used oidentd on a linux-based firewall to supply this
service. Since I've switched to OpenBSD on the firewall, I'd like to use
oidentd there, but when run oidentd is run with non-privileged uid/gid
it returns 'ERROR : NO-USER' for all NAT'd requests. Looking at the
oidentd source, I'm guessing this is due to the failed read/write open
of /dev/pf when oidentd tries to service a NAT'd request.

Unless I'm mistaken, /dev/pf must be owned root:wheel, so a special
group and /dev/pf with group r/w perms is out of the question (please
correct me if I'm wrong).

Other than fixing the oidentd code, is there a reasonably safe
workaround for this problem, or is there a "safer" identd that supports
NAT?

TIA,

-- 
David Wollmann
ICQ: 10742063

Follow-Ups:
- Re: /dev/pf perms and oidentd non-privileged
  - From: kjell@pintday.org
- Re: /dev/pf perms and oidentd non-privileged
  - From: Jolan Luff <jolan@pulsar.pellaeon.com>
- Re: /dev/pf perms and oidentd non-privileged
  - From: Rukh <rukh@rukh.net>

Prev by Date: md5/sha1/rmd160 patch
Next by Date: Re: /dev/pf perms and oidentd non-privileged
Prev by thread: Re: md5/sha1/rmd160 patch
Next by thread: Re: /dev/pf perms and oidentd non-privileged
Index(es):
- Date
- Thread