diff options
| author | rwatson <rwatson@FreeBSD.org> | 2006-11-06 14:54:06 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2006-11-06 14:54:06 +0000 |
| commit | 572da55a432cfcabe19b41502ef867e59edea8f6 (patch) | |
| tree | 24a5a8ca0f6495fc45fd07f1b990052667d646a6 /sys | |
| parent | 9da66947c437f843cbe63621743456ba7b4e4b05 (diff) | |
| download | FreeBSD-src-572da55a432cfcabe19b41502ef867e59edea8f6.zip FreeBSD-src-572da55a432cfcabe19b41502ef867e59edea8f6.tar.gz | |
Convert three new suser(9) calls introduced between when the priv(9)
patch was prepared and committed to priv(9) calls. Add XXX comments
as, in each case, the semantics appear to differ from the TCP/UDP
versions of the calls with respect to jail, and because cr_canseecred()
is not used to validate the query.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/netinet/sctp_pcb.c | 6 | ||||
| -rw-r--r-- | sys/netinet/sctp_usrreq.c | 9 | ||||
| -rw-r--r-- | sys/netinet6/sctp6_usrreq.c | 9 |
3 files changed, 19 insertions, 5 deletions
diff --git a/sys/netinet/sctp_pcb.c b/sys/netinet/sctp_pcb.c index d00e860..24c2ba5 100644 --- a/sys/netinet/sctp_pcb.c +++ b/sys/netinet/sctp_pcb.c @@ -47,6 +47,7 @@ __FBSDID("$FreeBSD$"); #include <sys/protosw.h> #include <sys/socket.h> #include <sys/socketvar.h> +#include <sys/priv.h> #include <sys/proc.h> #include <sys/kernel.h> #include <sys/sysctl.h> @@ -1768,9 +1769,8 @@ sctp_inpcb_bind(struct socket *so, struct sockaddr *addr, struct thread *p) */ /* got to be root to get at low ports */ if (ntohs(lport) < IPPORT_RESERVED) { - if (p && (error = - suser_cred(p->td_ucred, 0) - )) { + if (p && (error = priv_check(p, + PRIV_NETINET_RESERVEDPORT))) { SCTP_INP_DECR_REF(inp); SCTP_INP_WUNLOCK(inp); SCTP_INP_INFO_WUNLOCK(); diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c index 63097a8..25d639f 100644 --- a/sys/netinet/sctp_usrreq.c +++ b/sys/netinet/sctp_usrreq.c @@ -46,6 +46,7 @@ __FBSDID("$FreeBSD$"); #include <sys/malloc.h> #include <sys/mbuf.h> #include <sys/domain.h> +#include <sys/priv.h> #include <sys/proc.h> #include <sys/protosw.h> #include <sys/socket.h> @@ -488,9 +489,15 @@ sctp_getcred(SYSCTL_HANDLER_ARGS) struct sctp_tcb *stcb; int error, s; - error = suser(req->td); + /* + * XXXRW: Other instances of getcred use SUSER_ALLOWJAIL, as socket + * visibility is scoped using cr_canseesocket(), which it is not + * here. + */ + error = priv_check_cred(req->td->td_ucred, PRIV_NETINET_GETCRED, 0); if (error) return (error); + error = SYSCTL_IN(req, addrs, sizeof(addrs)); if (error) return (error); diff --git a/sys/netinet6/sctp6_usrreq.c b/sys/netinet6/sctp6_usrreq.c index 39d531b..3483658 100644 --- a/sys/netinet6/sctp6_usrreq.c +++ b/sys/netinet6/sctp6_usrreq.c @@ -49,6 +49,7 @@ __FBSDID("$FreeBSD$"); #include <sys/stat.h> #include <sys/systm.h> #include <sys/syslog.h> +#include <sys/priv.h> #include <sys/proc.h> #include <net/if.h> #include <net/route.h> @@ -481,7 +482,13 @@ sctp6_getcred(SYSCTL_HANDLER_ARGS) struct sctp_tcb *stcb; int error, s; - error = suser(req->td); + /* + * XXXRW: Other instances of getcred use SUSER_ALLOWJAIL, as socket + * visibility is scoped using cr_canseesocket(), which it is not + * here. + */ + error = priv_check_cred(req->td->td_ucred, PRIV_NETINET_RESERVEDPORT, + 0); if (error) return (error); |
