From ad8cb244ec2767471efbc523ffdc85952b0f3599 Mon Sep 17 00:00:00 2001 From: ru Date: Thu, 20 Sep 2001 08:25:25 +0000 Subject: Use the current process's credentials rather than socket's cached. If the process drops its super-user privileges, we certainly don't want to allow it to modify routing tables. Discussed with: rwatson --- sys/net/rtsock.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'sys/net') diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c index e7f3a2c..46adc0a 100644 --- a/sys/net/rtsock.c +++ b/sys/net/rtsock.c @@ -331,8 +331,8 @@ route_output(m, so) * Verify that the caller has the appropriate privilege; RTM_GET * is the only operation the non-superuser is allowed. */ - if (rtm->rtm_type != RTM_GET && suser_xxx(so->so_cred, NULL, 0) != 0) - senderr(EPERM); + if (rtm->rtm_type != RTM_GET && (error = suser(curproc)) != 0) + senderr(error); switch (rtm->rtm_type) { -- cgit v1.1