diff options
author | rwatson <rwatson@FreeBSD.org> | 2007-06-12 00:12:01 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2007-06-12 00:12:01 +0000 |
commit | 00b02345d424dac8a490ff28ff75fd9386196583 (patch) | |
tree | c439df85bebf079d07319c231d64ac481577b036 /sys/netinet6/udp6_usrreq.c | |
parent | e93b04c2868ee901613297bfbd90ff9990d8300e (diff) | |
download | FreeBSD-src-00b02345d424dac8a490ff28ff75fd9386196583.zip FreeBSD-src-00b02345d424dac8a490ff28ff75fd9386196583.tar.gz |
Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in
some cases, move to priv_check() if it was an operation on a thread and
no other flags were present.
Eliminate caller-side jail exception checking (also now-unused); jail
privilege exception code now goes solely in kern_jail.c.
We can't yet eliminate suser() due to some cases in the KAME code where
a privilege check is performed and then used in many different deferred
paths. Do, however, move those prototypes to priv.h.
Reviewed by: csjp
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/netinet6/udp6_usrreq.c')
-rw-r--r-- | sys/netinet6/udp6_usrreq.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c index 41be3ca..ba17f39 100644 --- a/sys/netinet6/udp6_usrreq.c +++ b/sys/netinet6/udp6_usrreq.c @@ -437,8 +437,7 @@ udp6_getcred(SYSCTL_HANDLER_ARGS) struct inpcb *inp; int error; - error = priv_check_cred(req->td->td_ucred, PRIV_NETINET_GETCRED, - SUSER_ALLOWJAIL); + error = priv_check(req->td, PRIV_NETINET_GETCRED); if (error) return (error); @@ -465,6 +464,9 @@ udp6_getcred(SYSCTL_HANDLER_ARGS) INP_LOCK(inp); KASSERT(inp->inp_socket != NULL, ("udp6_getcred: inp_socket == NULL")); + /* + * XXXRW: There should be a scoping access control check here. + */ cru2x(inp->inp_socket->so_cred, &xuc); INP_UNLOCK(inp); INP_INFO_RUNLOCK(&udbinfo); |