author | ps <ps@FreeBSD.org> | 2001-10-05 07:06:32 +0000 |
---|---|---|
committer | ps <ps@FreeBSD.org> | 2001-10-05 07:06:32 +0000 |
commit | 38383190d52e794a70d2b71ee33fa321e5109e7a (patch) | |
tree | 953170eca78713bb41696224e03ab9f195a51086 /sys/kern/uipc_socket.c | |
parent | 9f7723d2e481ba58d2544017b5a18c2ce93dca5c (diff) | |
Only allow users to see their own socket connections if
kern.ipc.showallsockets is set to 0.
Submitted by: billf (with modifications by me)
Inspired by: Dave McKay (aka pm aka Packet Magnet)
Reviewed by: peter
MFC after: 2 weeks
Diffstat (limited to 'sys/kern/uipc_socket.c')
-rw-r--r-- | sys/kern/uipc_socket.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
index 0b40522..94b6b00 100644
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@@ -92,6 +92,10 @@ static int somaxconn = SOMAXCONN; SYSCTL_INT(_kern_ipc, KIPC_SOMAXCONN, somaxconn, CTLFLAG_RW, &somaxconn, 0, "Maximum pending socket connection queue size");
+int showallsockets = 1;
+SYSCTL_INT(_kern_ipc, OID_AUTO, showallsockets, CTLFLAG_RW, &showallsockets,
+ 0, "show users all other users pcb data");
+
 /*
 * Socket operation routines.
 * These routines are called by the routines in
@@ -1644,3 +1648,29 @@ filt_solisten(struct knote *kn, long hint)
 kn->kn_data = so->so_qlen - so->so_incqlen;
 return (! TAILQ_EMPTY(&so->so_comp));
 }
+
+int
+socheckuid(struct socket *so, uid_t uid)
+{
+
+ if (so == NULL)
+ return (EPERM);
+ if (so->so_cred->cr_uid == uid)
+ return (0);
+ return (EPERM);
+}
+
+int
+socheckproc(struct socket *so, struct proc *p)
+{
+
+ if (p == NULL)
+ return (ESRCH);
+ if (socheckuid(so, p->p_ucred->cr_ruid) == 0)
+ return (0);
+ if (socheckuid(so, p->p_ucred->cr_uid) == 0)
+ return (0);
+ if (!suser_xxx(0, p, PRISON_ROOT))
+ return (0);
+ return (EPERM);
+}
|
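Review bot: The description string on the new sysctl, `"show users all other users pcb data"`, does not say which value restricts visibility, and the default of `1` leaves every user able to see other users' sockets, so the change has no effect until an administrator sets kern.ipc.showallsockets to 0. A clearer string would be `"Allow users to see sockets (PCB data) owned by other users"`, with a one-line comment above `showallsockets` stating that 0 enables the restriction. The knob is plain `CTLFLAG_RW`; if it is meant as a hardening control, consider whether it should also be tied to securelevel so it cannot be switched back on a locked-down system. The variable is non-static, so presumably it is read by code outside this file that this diff does not show.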
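Review bot: In `socheckproc` the superuser test is `suser_xxx(0, p, PRISON_ROOT)`, which treats root inside a jail as privileged, so a jailed root process gets 0 for every socket and nothing in this function limits that to sockets of its own jail. The callers are not part of this diff, so jail scoping may already be applied there; if it is not, passing `0` instead of `PRISON_ROOT` would keep the bypass to host root. `socheckuid` dereferences `so->so_cred` after checking only `so` for NULL, which is safe only if every socket reaching it has a credential attached. Neither function reads `showallsockets` or carries a comment; a short header on each saying that it returns 0 when access is allowed and an errno otherwise, that `socheckproc` accepts a match on either the real or the effective uid, and that the caller is presumably expected to test the sysctl first, would make the contract clear.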