authorume <ume@FreeBSD.org>2004-06-02 15:41:18 +0000
committerume <ume@FreeBSD.org>2004-06-02 15:41:18 +0000
commitafde7385d27b6d470565e2eb6516953212facff1 (patch)
tree55eb7d6e78aa1da7198d2b0fd0d6d9689abccf86 /sys/netinet6
parente2c73bbb7cb9fa6c4fd0031f49743df7c1cee9a8 (diff)
Do not check super-user privilege in ip6_savecontrol. It is
meaningless and can even be harmful.
Obtained from: KAME
MFC after: 3 days
Diffstat (limited to 'sys/netinet6')
-rw-r--r--sys/netinet6/ip6_input.c25
1 files changed, 5 insertions, 20 deletions
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index 0fa9a7b..4eb6042 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -1107,13 +1107,8 @@ ip6_savecontrol(in6p, m, mp)
struct mbuf *m, **mp;
{
#define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y))
- struct thread *td = curthread; /* XXX */
- int privileged = 0;
struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
- if (td && !suser(td))
- privileged++;
-
#ifdef SO_TIMESTAMP
if ((in6p->in6p_socket->so_options & SO_TIMESTAMP) != 0) {
struct timeval tv;
@@ -1169,16 +1164,13 @@ ip6_savecontrol(in6p, m, mp)
}
/*
- * IPV6_HOPOPTS socket option. We require super-user privilege
- * for the option, but it might be too strict, since there might
- * be some hop-by-hop options which can be returned to normal user.
- * See RFC 2292 section 6.
+ * IPV6_HOPOPTS socket option. Recall that we required super-user
+ * privilege for the option (see ip6_ctloutput), but it might be too
+ * strict, since there might be some hop-by-hop options which can be
+ * returned to normal user.
+ * See also RFC 2292 section 6 (or RFC 3542 section 8).
*/
if ((in6p->in6p_flags & IN6P_HOPOPTS) != 0) {
-#ifdef DIAGNOSTIC
- if (!privileged)
- panic("IN6P_HOPOPTS is set for unprivileged socket");
-#endif
/*
* Check if a hop-by-hop options header is contatined in the
* received packet, and if so, store the options as ancillary
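Review bot: The rewritten comment above the `IN6P_HOPOPTS` test says privilege was "required" in ip6_ctloutput, but it does not say that the set-time check is now the only enforcement point, which is what a later reader needs once the `DIAGNOSTIC` panic and the `privileged` tests are gone. I would state it directly, e.g. `* Privilege is checked once, when the option is set (see ip6_ctloutput); it is deliberately not re-checked here on packet delivery.` The same reasoning covers the `IN6P_DSTOPTS` case in the last hunk, which is left with no comment at all after the removal, so a one-line pointer to ip6_ctloutput there would help. ip6_ctloutput is not visible on this page, so it should be confirmed that it gates both `IPV6_HOPOPTS` and `IPV6_DSTOPTS` (RFC 2292 and RFC 3542 variants) before relying on it. The function body and the inner comment continue outside this hunk.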
@@ -1294,13 +1286,6 @@ ip6_savecontrol(in6p, m, mp)
if (!(in6p->in6p_flags & IN6P_DSTOPTS))
break;
- /*
- * We also require super-user privilege for
- * the option. See comments on IN6_HOPOPTS.
- */
- if (!privileged)
- break;
-
*mp = sbcreatecontrol((caddr_t)ip6e, elen,
IS2292(IPV6_2292DSTOPTS, IPV6_DSTOPTS),
IPPROTO_IPV6);