diff options
| author | pjd <pjd@FreeBSD.org> | 2013-07-03 22:12:54 +0000 |
|---|---|---|
| committer | pjd <pjd@FreeBSD.org> | 2013-07-03 22:12:54 +0000 |
| commit | d5113e2f2801e517733035a8d22216b334385537 (patch) | |
| tree | 6c5d676ae25001585fe681690041a6cad04b4117 /sbin/dhclient/privsep.c | |
| parent | f92ee0c897d1cd0cdbb0c8e2cb5f63869f1a0946 (diff) | |
| download | FreeBSD-src-d5113e2f2801e517733035a8d22216b334385537.zip FreeBSD-src-d5113e2f2801e517733035a8d22216b334385537.tar.gz | |
MFp4 @229481:
Currently it was allowed to send any UDP packets from unprivileged process and
possibly any packets because /dev/bpf was open for writing.
Move sending packets to privileged process. Unprivileged process has no longer
access to not connected UDP socket and has only access to /dev/bpf in read-only
mode.
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Diffstat (limited to 'sbin/dhclient/privsep.c')
| -rw-r--r-- | sbin/dhclient/privsep.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/sbin/dhclient/privsep.c b/sbin/dhclient/privsep.c index b42572f..a0521a6 100644 --- a/sbin/dhclient/privsep.c +++ b/sbin/dhclient/privsep.c @@ -101,7 +101,7 @@ buf_read(int sock, void *buf, size_t nbytes) } void -dispatch_imsg(int fd) +dispatch_imsg(struct interface_info *ifi, int fd) { struct imsg_hdr hdr; char *medium, *reason, *filename, @@ -232,6 +232,9 @@ dispatch_imsg(int fd) if (buf_close(fd, buf) == -1) error("buf_close: %m"); break; + case IMSG_SEND_PACKET: + send_packet_priv(ifi, &hdr, fd); + break; default: error("received unknown message, code %d", hdr.code); } |
