OpenSolaris

Printable Version Enter a New Search
Bug ID 6780866
Synopsis ikeadm should use authorizations
State 10-Fix Delivered (Fix available in build)
Category:Subcategory network:ipsec
Keywords
Responsible Engineer Paul Wernau
Reported Against
Duplicate Of
Introduced In
Commit to Fix snv_108
Fixed In snv_108
Release Fixed solaris_nevada(snv_108) , solaris_10u8(s10u8_02) (Bug ID:2174852)
Related Bugs 6829651 , 6219638
Submit Date 4-December-2008
Last Update Date 11-February-2009
Description 
ikeadm currently checks that a user is properly authorized by doing a poor man's test for root.  It tries to open a door file Read/Write that is owned and readable by root.

Dr--------   1 root     root           0 Nov 25 13:48 /var/run/ike_door

If ikeadm talks to in.iked through the door, in.iked acts on its behalf.

It should follow an authorization model where the authorization is enforced by in.iked itself, by checking the authorizations of the user.
Work Around 
N/A
Comments 
N/A