From 3be01aaf661cb34c3b44d7a7d7ff9639b3f2fda8 Mon Sep 17 00:00:00 2001
From: ru
Date: Fri, 31 Aug 2001 12:31:09 +0000
Subject: Synch with NetBSD and OpenBSD. Allow non-superuser to open, listen to, and send safe commands on the routing socket. Superuser priviledge is required for all commands but RTM_GET. Lose `setuid root' bit of route(8). Reviewed by: wollman, dd
---
 sbin/route/Makefile | 1 -
 sbin/route/route.c | 4 ++--
 sys/net/rtsock.c | 10 +++++++++-
 3 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/sbin/route/Makefile b/sbin/route/Makefile
index ab3ab08..c4fa18b 100644
--- a/sbin/route/Makefile
+++ b/sbin/route/Makefile
@@ -7,7 +7,6 @@ SRCS= route.c keywords.h
 CFLAGS+=-I. -Wall -DNS
 CFLAGS+=-DINET6
 CLEANFILES+=keywords.h
-BINMODE=4555
 keywords.h: keywords
 sed -e '/^#/d' -e '/^$$/d' ${.CURDIR}/keywords > _keywords.tmp
diff --git a/sbin/route/route.c b/sbin/route/route.c
index dd23bc1..bc14776 100644
--- a/sbin/route/route.c
+++ b/sbin/route/route.c
@@ -100,13 +100,14 @@ union sockunion {
 } so_dst, so_gate, so_mask, so_genmask, so_ifa, so_ifp;
 typedef union sockunion *sup;
-int pid, rtm_addrs, uid;
+int pid, rtm_addrs;
 int s;
 int forcehost, forcenet, doflush, nflag, af, qflag, tflag, keyword();
 int iflag, verbose, aflen = sizeof (struct sockaddr_in);
 int locking, lockrest, debugonly;
 struct rt_metrics rt_metrics;
 u_long rtm_inits;
+uid_t uid;
 int atalk_aton __P((const char *, struct at_addr *));
 char *atalk_ntoa __P((struct at_addr));
 const char *routename(), *netname();
@@ -176,7 +177,6 @@ main(argc, argv)
 s = socket(PF_ROUTE, SOCK_RAW, 0);
 if (s < 0)
 err(EX_OSERR, "socket");
- setuid(uid);
 if (*argv)
 switch (keyword(*argv)) {
 case K_GET:
diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c
index e8e85eb..ede7ad6 100644
--- a/sys/net/rtsock.c
+++ b/sys/net/rtsock.c
@@ -123,7 +123,7 @@ rts_attach(struct socket *so, int proto, struct proc *p)
 */
 s = splnet();
 so->so_pcb = (caddr_t)rp;
- error = raw_usrreqs.pru_attach(so, proto, p);
+ error = raw_attach(so, proto);
 rp = sotorawcb(so);
 if (error) {
 splx(s);
@@ -326,6 +326,14 @@ route_output(m, so)
 else
 senderr(ENOBUFS);
 }
+
+ /*
+ * Verify that the caller has the appropriate privilege; RTM_GET
+ * is the only operation the non-superuser is allowed.
+ */
+ if (rtm->rtm_type != RTM_GET && suser_xxx(so->so_cred, NULL, 0) != 0)
+ senderr(EPERM);
+
 switch (rtm->rtm_type) {
 case RTM_ADD:
-- cgit v1.1
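Review bot: The call `error = raw_attach(so, proto);` in rts_attach carries no comment explaining why the protocol's own attach entry is bypassed, and `p` is no longer used in the lines visible here. Presumably `raw_usrreqs.pru_attach` refused non-superuser callers and that is the restriction being relaxed, so the socket-open check and the new per-message check in route_output now form a pair. Record that at the call site, e.g. `/* raw_attach() directly: skip the superuser check in the usrreqs wrapper; privilege is enforced per message in route_output() */`, so a later cleanup neither restores the wrapper nor removes the route_output check in isolation. rts_attach starts and ends outside the hunk.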
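Review bot: The privilege test added in route_output checks `so->so_cred`, which is the credential recorded on the socket rather than that of the process writing the message, and the new comment does not say so. A routing socket opened by the superuser would therefore keep write access for every command after the descriptor is inherited by, or passed to, a less privileged process. If that is the intended model (open as root, then drop privilege), state it in the comment, e.g. add ` * The check uses the credential the socket was created with (so->so_cred).`. The test also sits after the `senderr(ENOBUFS)` path, so it appears that a refused sender's message is still allocated and copied first; moving the check earlier would need `rtm_type` to be readable at that point, which the hunk does not show. route_output starts and ends outside the hunk.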