summaryrefslogtreecommitdiffstats
path: root/sys/netinet
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/ip_mroute.c8
-rw-r--r--sys/netinet/raw_ip.c10
2 files changed, 18 insertions, 0 deletions
diff --git a/sys/netinet/ip_mroute.c b/sys/netinet/ip_mroute.c
index b0490a4..94781e0 100644
--- a/sys/netinet/ip_mroute.c
+++ b/sys/netinet/ip_mroute.c
@@ -526,6 +526,14 @@ X_mrt_ioctl(int cmd, caddr_t data)
{
int error = 0;
+ /*
+ * Currently the only function calling this ioctl routine is rtioctl().
+ * Typically, only root can create the raw socket in order to execute
+ * this ioctl method, however the request might be coming from a prison
+ */
+ error = suser(curthread);
+ if (error)
+ return (error);
switch (cmd) {
case (SIOCGETVIFCNT):
error = get_vif_cnt((struct sioc_vif_req *)data);
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c
index f8796f1..96e9b0a 100644
--- a/sys/netinet/raw_ip.c
+++ b/sys/netinet/raw_ip.c
@@ -344,6 +344,16 @@ rip_ctloutput(struct socket *so, struct sockopt *sopt)
if (sopt->sopt_level != IPPROTO_IP)
return (EINVAL);
+ /*
+ * Even though super-user is required to create a raw socket, the
+ * calling cred could be prison root. If so we want to restrict the
+ * access to IP_HDRINCL only.
+ */
+ if (sopt->sopt_name != IP_HDRINCL) {
+ error = suser(curthread);
+ if (error != 0)
+ return (error);
+ }
error = 0;
switch (sopt->sopt_dir) {
OpenPOWER on IntegriCloud