Teach route(8) how to deal with root being in a prison. If prison

root is allowed to create raw sockets, then they will be able to create routing sockets, too. However prison-root is not able to manipulate routing tables. So when route(8) attempts to write to a routing socket and recieves EPERM from the kernel, exit rather than moving on with execution. Approved by: bmilekic (mentor)
author: csjp <csjp@FreeBSD.org> 2004-05-07 15:33:17 +0000
committer: csjp <csjp@FreeBSD.org> 2004-05-07 15:33:17 +0000
commit: 60a433f4c8acdf24bf6f5cb354b72b52db72e6db (patch)
tree: 651ca61f0d5870d93b6372dae8a18c325ada5e3f /sbin/route
parent: 79e214c972bc10cf8d6ba78cebd6c7a217510a4c (diff)
download: FreeBSD-src-60a433f4c8acdf24bf6f5cb354b72b52db72e6db.zip
FreeBSD-src-60a433f4c8acdf24bf6f5cb354b72b52db72e6db.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/sbin/route/route.c b/sbin/route/route.c
index dcd1ddc..474ac72 100644
--- a/sbin/route/route.c
+++ b/sbin/route/route.c
@@ -273,6 +273,8 @@ retry:
 		rtm->rtm_type = RTM_DELETE;
 		rtm->rtm_seq = seqno;
 		rlen = write(s, next, rtm->rtm_msglen);
+		if (rlen < 0 && errno == EPERM)
+			err(1, "write to routing socket");
 		if (rlen < (int)rtm->rtm_msglen) {
 			warn("write to routing socket");
 			(void) printf("got only %d for rlen\n", rlen);
@@ -1223,6 +1225,8 @@ rtmsg(cmd, flags)
 	if (debugonly)
 		return (0);
 	if ((rlen = write(s, (char *)&m_rtmsg, l)) < 0) {
+		if (errno == EPERM)
+			err(1, "writing to routing socket");
 		warn("writing to routing socket");
 		return (-1);
 	}
author	csjp <csjp@FreeBSD.org>	2004-05-07 15:33:17 +0000
committer	csjp <csjp@FreeBSD.org>	2004-05-07 15:33:17 +0000
commit	60a433f4c8acdf24bf6f5cb354b72b52db72e6db (patch)
tree	651ca61f0d5870d93b6372dae8a18c325ada5e3f /sbin/route
parent	79e214c972bc10cf8d6ba78cebd6c7a217510a4c (diff)
download	FreeBSD-src-60a433f4c8acdf24bf6f5cb354b72b52db72e6db.zip FreeBSD-src-60a433f4c8acdf24bf6f5cb354b72b52db72e6db.tar.gz