author | pjd <pjd@FreeBSD.org> | 2013-07-03 22:12:54 +0000 |
---|---|---|
committer | pjd <pjd@FreeBSD.org> | 2013-07-03 22:12:54 +0000 |
commit | d5113e2f2801e517733035a8d22216b334385537 (patch) | |
tree | 6c5d676ae25001585fe681690041a6cad04b4117 /sbin/dhclient/dhcpd.h | |
parent | f92ee0c897d1cd0cdbb0c8e2cb5f63869f1a0946 (diff) | |
MFp4 @229481:
Previously the unprivileged process could send arbitrary UDP packets, and
possibly arbitrary packets of any kind, because /dev/bpf was open for writing.
Move packet sending to the privileged process. The unprivileged process no
longer has access to an unconnected UDP socket and has only read-only access
to /dev/bpf.
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Diffstat (limited to 'sbin/dhclient/dhcpd.h')
-rw-r--r-- | sbin/dhclient/dhcpd.h | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/sbin/dhclient/dhcpd.h b/sbin/dhclient/dhcpd.h
index 7747d03..479753e 100644
--- a/sbin/dhclient/dhcpd.h
+++ b/sbin/dhclient/dhcpd.h
@@ -300,8 +300,10 @@ struct hash_bucket *new_hash_bucket(void);
 int if_register_bpf(struct interface_info *, int);
 void if_register_send(struct interface_info *);
 void if_register_receive(struct interface_info *);
-void send_packet(struct interface_info *, struct dhcp_packet *, size_t,
- struct in_addr, struct in_addr);
+void send_packet_unpriv(int, struct dhcp_packet *, size_t, struct in_addr,
+ struct in_addr);
+struct imsg_hdr;
+void send_packet_priv(struct interface_info *, struct imsg_hdr *, int);
 ssize_t receive_packet(struct interface_info *, unsigned char *, size_t,
  struct sockaddr_in *, struct hardware *);
 
@@ -435,4 +437,4 @@ struct buf *buf_open(size_t);
 int buf_add(struct buf *, void *, size_t);
 int buf_close(int, struct buf *);
 ssize_t buf_read(int, void *, size_t);
-void dispatch_imsg(int);
+void dispatch_imsg(struct interface_info *, int);
 |
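Review bot: The two new prototypes in the first hunk do not say which side of the privilege boundary each one runs on, and their unnamed `int` parameters do not say which descriptor is meant. A short comment above them would record that, for example `/* send_packet_unpriv(): unprivileged side, hands the request to the privileged process; send_packet_priv(): privileged side, performs the send and must treat the message as untrusted. */`, assuming the `int` is the inter-process descriptor (please confirm). Only the declarations are visible here, since the diffstat is limited to dhcpd.h. It therefore cannot be confirmed from this page that `send_packet_priv` checks the length announced in the `struct imsg_hdr` against what it actually reads, or that it constrains the source and destination addresses before transmitting. If it relays whatever it is handed, the unprivileged process keeps much of the sending capability this commit sets out to remove. The same trust-boundary comment would fit `dispatch_imsg` in the second hunk, which now receives the interface as well as the descriptor.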