author | csjp <csjp@FreeBSD.org> | 2004-05-07 15:33:17 +0000 |
---|---|---|
committer | csjp <csjp@FreeBSD.org> | 2004-05-07 15:33:17 +0000 |
commit | 60a433f4c8acdf24bf6f5cb354b72b52db72e6db (patch) | |
tree | 651ca61f0d5870d93b6372dae8a18c325ada5e3f | |
parent | 79e214c972bc10cf8d6ba78cebd6c7a217510a4c (diff) | |
Teach route(8) how to deal with root being in a prison. If prison
root is allowed to create raw sockets, then they will be able to create
routing sockets, too. However prison-root is not able to manipulate
routing tables. So when route(8) attempts to write to a routing
socket and receives EPERM from the kernel, exit rather than moving
on with execution.
Approved by: bmilekic (mentor)
-rw-r--r-- | sbin/route/route.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sbin/route/route.c b/sbin/route/route.c
index dcd1ddc..474ac72 100644
--- a/sbin/route/route.c
+++ b/sbin/route/route.c
@@ -273,6 +273,8 @@ retry:
 rtm->rtm_type = RTM_DELETE;
 rtm->rtm_seq = seqno;
 rlen = write(s, next, rtm->rtm_msglen);
+ if (rlen < 0 && errno == EPERM)
+ err(1, "write to routing socket");
 if (rlen < (int)rtm->rtm_msglen) {
 warn("write to routing socket");
 (void) printf("got only %d for rlen\n", rlen);
@@ -1223,6 +1225,8 @@ rtmsg(cmd, flags)
 if (debugonly)
 return (0);
 if ((rlen = write(s, (char *)&m_rtmsg, l)) < 0) {
+ if (errno == EPERM)
+ err(1, "writing to routing socket");
 warn("writing to routing socket");
 return (-1);
 } |
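Review bot: Nothing in the new code says why EPERM alone is fatal in the flush loop after `retry:`, while every other failed write still falls through to the existing `warn()` path. A one-line comment above the check would carry the commit message's reasoning into the source, for example `/* prison root may hold a routing socket but cannot modify the table: EPERM is final, so exit */`. The same comment is missing at the second hunk's check in rtmsg(). The enclosing function starts and ends outside this hunk.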
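Review bot: The EPERM branch in rtmsg() exits with the generic status 1, so a script wrapping route(8) inside a jail cannot tell a permission denial from any other failure. If route.c already includes `<sysexits.h>` (not visible in this hunk), `err(EX_NOPERM, "writing to routing socket");` would make the denial distinguishable. This is also the one path in the hunk where rtmsg() terminates instead of returning -1 to its caller. The rest of the function lies outside the hunk, so whether any caller depends on that return could not be checked here.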