Only allow users to see their own socket connections if

kern.ipc.showallsockets is set to 0. Submitted by: billf (with modifications by me) Inspired by: Dave McKay (aka pm aka Packet Magnet) Reviewed by: peter MFC after: 2 weeks
author: ps <ps@FreeBSD.org> 2001-10-05 07:06:32 +0000
committer: ps <ps@FreeBSD.org> 2001-10-05 07:06:32 +0000
commit: 38383190d52e794a70d2b71ee33fa321e5109e7a (patch)
tree: 953170eca78713bb41696224e03ab9f195a51086 /sys/netinet/ip_fw.c
parent: 9f7723d2e481ba58d2544017b5a18c2ce93dca5c (diff)
download: FreeBSD-src-38383190d52e794a70d2b71ee33fa321e5109e7a.zip
FreeBSD-src-38383190d52e794a70d2b71ee33fa321e5109e7a.tar.gz
1 files changed, 2 insertions, 4 deletions
diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c
index fbd2e90..320672c 100644
--- a/sys/netinet/ip_fw.c
+++ b/sys/netinet/ip_fw.c
@@ -1346,8 +1346,7 @@ again:
 
 			    if (P && P->inp_socket) {
 				if (f->fw_flg & IP_FW_F_UID) {
-					if (P->inp_socket->so_cred->cr_uid !=
-					    f->fw_uid)
+					if (socheckuid(P->inp_socket, f->fw_uid))
 						continue;
 				} else if (!groupmember(f->fw_gid,
 					    P->inp_socket->so_cred))
@@ -1375,8 +1374,7 @@ again:
 
 			    if (P && P->inp_socket) {
 				if (f->fw_flg & IP_FW_F_UID) {
-					if (P->inp_socket->so_cred->cr_uid !=
-					    f->fw_uid)
+					if (socheckuid(P->inp_socket, f->fw_uid))
 						continue;
 				} else if (!groupmember(f->fw_gid,
 					    P->inp_socket->so_cred))
author	ps <ps@FreeBSD.org>	2001-10-05 07:06:32 +0000
committer	ps <ps@FreeBSD.org>	2001-10-05 07:06:32 +0000
commit	38383190d52e794a70d2b71ee33fa321e5109e7a (patch)
tree	953170eca78713bb41696224e03ab9f195a51086 /sys/netinet/ip_fw.c
parent	9f7723d2e481ba58d2544017b5a18c2ce93dca5c (diff)
download	FreeBSD-src-38383190d52e794a70d2b71ee33fa321e5109e7a.zip FreeBSD-src-38383190d52e794a70d2b71ee33fa321e5109e7a.tar.gz