svn commit: r186980 - in head/sys: net netinet netinet6
Bjoern A. Zeeb
bz at FreeBSD.org
Fri Jan 9 14:00:22 PST 2009
On Fri, 9 Jan 2009, Bjoern A. Zeeb wrote:
> Author: bz
> Date: Fri Jan 9 21:57:49 2009
> New Revision: 186980
> URL: http://svn.freebsd.org/changeset/base/186980
>
> Log:
> Restrict arp, ndp and theoretically the FIB listing (if not
> read with libkvm) to the addresses of a prison, when inside a
> jail. [1]
> As the patch from the PR was pre-'new-arp', add checks to the
> llt_dump handlers as well.
>
> While touching RTM_GET in route_output(), consistently use
> curthread credentials rather than the creds from the socket
> there. [2]
>
> PR: kern/68189
> Submitted by: Mark Delany <sxcg2-fuwxj at qmda.emu.st> [1]
That should have been:
Submitted by: Uwe Doering <gemini at geminix.org> [1]
> Discussed with: rwatson [2]
> Reviewed by: rwatson
> MFC after: 4 weeks
>
> Modified:
> head/sys/net/rtsock.c
> head/sys/netinet/in.c
> head/sys/netinet6/in6.c
>
> Modified: head/sys/net/rtsock.c
> ==============================================================================
> --- head/sys/net/rtsock.c Fri Jan 9 21:39:44 2009 (r186979)
> +++ head/sys/net/rtsock.c Fri Jan 9 21:57:49 2009 (r186980)
> @@ -611,6 +611,12 @@ route_output(struct mbuf *m, struct sock
> case RTM_GET:
> report:
> RT_LOCK_ASSERT(rt);
> + if (jailed(curthread->td_ucred) &&
> + ((rt->rt_flags & RTF_HOST) == 0 ||
> + !prison_if(curthread->td_ucred, rt_key(rt)))) {
> + RT_UNLOCK(rt);
> + senderr(ESRCH);
> + }
> info.rti_info[RTAX_DST] = rt_key(rt);
> info.rti_info[RTAX_GATEWAY] = rt->rt_gateway;
> info.rti_info[RTAX_NETMASK] = rt_mask(rt);
> @@ -620,10 +626,10 @@ route_output(struct mbuf *m, struct sock
> if (ifp) {
> info.rti_info[RTAX_IFP] =
> ifp->if_addr->ifa_addr;
> - if (jailed(so->so_cred)) {
> + if (jailed(curthread->td_ucred)) {
> error = rtm_get_jailed(
> &info, ifp, rt, &saun,
> - so->so_cred);
> + curthread->td_ucred);
> if (error != 0) {
> RT_UNLOCK(rt);
> senderr(ESRCH);
> @@ -1256,6 +1262,10 @@ sysctl_dumpentry(struct radix_node *rn,
>
> if (w->w_op == NET_RT_FLAGS && !(rt->rt_flags & w->w_arg))
> return 0;
> + if (jailed(w->w_req->td->td_ucred) &&
> + ((rt->rt_flags & RTF_HOST) == 0 ||
> + !prison_if(w->w_req->td->td_ucred, rt_key(rt))))
> + return (0);
> bzero((caddr_t)&info, sizeof(info));
> info.rti_info[RTAX_DST] = rt_key(rt);
> info.rti_info[RTAX_GATEWAY] = rt->rt_gateway;
>
> Modified: head/sys/netinet/in.c
> ==============================================================================
> --- head/sys/netinet/in.c Fri Jan 9 21:39:44 2009 (r186979)
> +++ head/sys/netinet/in.c Fri Jan 9 21:57:49 2009 (r186980)
> @@ -1201,6 +1201,10 @@ in_lltable_dump(struct lltable *llt, str
> /* skip deleted entries */
> if ((lle->la_flags & (LLE_DELETED|LLE_VALID)) != LLE_VALID)
> continue;
> + /* Skip if jailed and not a valid IP of the prison. */
> + if (jailed(wr->td->td_ucred) &&
> + !prison_if(wr->td->td_ucred, L3_ADDR(lle)))
> + continue;
> /*
> * produce a msg made of:
> * struct rt_msghdr;
>
> Modified: head/sys/netinet6/in6.c
> ==============================================================================
> --- head/sys/netinet6/in6.c Fri Jan 9 21:39:44 2009 (r186979)
> +++ head/sys/netinet6/in6.c Fri Jan 9 21:57:49 2009 (r186980)
> @@ -2240,6 +2240,10 @@ in6_lltable_dump(struct lltable *llt, st
> /* skip deleted or invalid entries */
> if ((lle->la_flags & (LLE_DELETED|LLE_VALID)) != LLE_VALID)
> continue;
> + /* Skip if jailed and not a valid IP of the prison. */
> + if (jailed(wr->td->td_ucred) &&
> + !prison_if(wr->td->td_ucred, L3_ADDR(lle)))
> + continue;
> /*
> * produce a msg made of:
> * struct rt_msghdr;
>
--
Bjoern A. Zeeb The greatest risk is not taking one.
More information about the svn-src-head
mailing list