cvs commit: src/sys/netinet raw_ip.c

Robert Watson rwatson at FreeBSD.org
Tue Oct 12 09:47:26 PDT 2004


rwatson     2004-10-12 16:47:25 UTC

  FreeBSD src repository

  Modified files:
    sys/netinet          raw_ip.c 
  Log:
  When the access control on creating raw sockets was modified so that
  processes in jail could create raw sockets, additional access control
  checks were added to raw IP sockets to limit the ways in which those
  sockets could be used.  Specifically, only the socket option IP_HDRINCL
  was permitted in rip_ctloutput().  Other socket options were protected
  by a call to suser().  This change was required to prevent processes
  in a Jail from modifying system properties such as multicast routing
  and firewall rule sets.
  
  However, it also introduced a regression: processes that create a raw
  socket with root privilege, but then downgrade credentials (i.e., a
  daemon giving up root, or a setuid process switching back to the real
  uid) could no longer issue other unprivileged generic IP socket option
  operations, such as IP_TOS, IP_TTL, and the multicast group membership
  options, which prevented multicast routing daemons (and some other
  tools) from operating correctly.
  
  This change pushes the access control decision down to the granularity
  of individual socket options, rather than all socket options, on raw
  IP sockets.  When rip_ctloutput() doesn't implement an option, it will
  now pass the request directly to in_control() without an access
  control check.  This should restore the functionality of the generic
  IP socket options for raw sockets in the above-described scenarios,
  which may be confirmed with the ipsockopt regression test.
  
  RELENG_5 candidate.
  
  Reviewed by:    csjp
  
  Revision  Changes    Path
  1.145     +41 -20    src/sys/netinet/raw_ip.c
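
The following user-space model is an added example, not code from raw_ip.c or from the commit. It contrasts the blanket check described in the log with the per-option check. The option ids, struct cred, suser_model() and generic_ip_model() are hypothetical stand-ins, and suser_model() assumes suser() denies both non-root callers and jailed root.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Stand-in option ids for this model (not the kernel's numeric values). */
enum opt { OPT_HDRINCL, OPT_TOS, OPT_TTL, OPT_ADD_MEMBERSHIP,
           OPT_FW_RULE, OPT_MROUTE_INIT };
struct cred { bool is_root; bool jailed; };  /* caller at setsockopt() time */

/* Assumed model of suser(): succeeds only for root outside a jail. */
static int suser_model(const struct cred *c)
{ return (c->is_root && !c->jailed) ? 0 : EPERM; }

/* Generic IP option layer: these options need no privilege. */
static int generic_ip_model(enum opt o)
{
    return (o == OPT_TOS || o == OPT_TTL || o == OPT_ADD_MEMBERSHIP) ? 0 : ENOPROTOOPT;
}

/* Before: one blanket check in front of every option except IP_HDRINCL. */
int ctloutput_before(const struct cred *c, enum opt o)
{
    if (o != OPT_HDRINCL && suser_model(c) != 0)
        return EPERM;        /* also rejects IP_TOS, IP_TTL, membership */
    if (o == OPT_HDRINCL || o == OPT_FW_RULE || o == OPT_MROUTE_INIT)
        return 0;            /* handled by the raw socket layer */
    return generic_ip_model(o);
}

/* After: the check sits only on options that change system-wide state. */
int ctloutput_after(const struct cred *c, enum opt o)
{
    switch (o) {
    case OPT_HDRINCL:
        return 0;                    /* permitted, including in a jail */
    case OPT_FW_RULE:
    case OPT_MROUTE_INIT:
        return suser_model(c);       /* firewall and multicast routing */
    default:
        return generic_ip_model(o);  /* passed down without a check */
    }
}

int main(void)
{
    struct cred dropped = { false, false };  /* daemon after giving up root */
    printf("IP_TTL before=%d after=%d\n", ctloutput_before(&dropped, OPT_TTL), ctloutput_after(&dropped, OPT_TTL));
    return 0;
}
```

The property to keep when adding a new raw-socket option is that it lands in the privileged case explicitly if it touches system-wide state, since the default branch is unchecked.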

