From: Paul Jakma <paulj@alphyra.ie>

Subject: [zebra 19125] vtysh bogus perms check

vtysh checks that the zebra.vty socket uid is == to its own euid, this is
bogus - let the kernel decide whether permissions match, vtysh shouldnt
try second guess. (this becomes noticeable when neither zebra nor vtysh
are run as root :) )

diff --git a/vtysh/vtysh.c b/vtysh/vtysh.c
index d1a5c5fd94c208e3fc5af8966dafd229c80b1133..be1f03e4d5dc14de4cfc86c3808a600dd7a94fc8 100644 (file)
--- a/vtysh/vtysh.c
+++ b/vtysh/vtysh.c
@@ -1618,14 +1618,6 @@ vtysh_connect (struct vtysh_client *vclient, char *path)
          exit (1);
        }
       
-      if (euid != s_stat.st_uid 
-         || !(s_stat.st_mode & S_IWUSR)
-         || !(s_stat.st_mode & S_IRUSR))
-       {
-         fprintf (stderr, "vtysh_connect(%s): No permission to access socket\n",
-                  path);
-         exit (1);
-       }
     }
 
   sock = socket (AF_UNIX, SOCK_STREAM, 0);