cvs commit: src/sys/netinet raw_ip.c

Gleb Smirnoff glebius at
Tue Oct 12 10:40:25 PDT 2004

Thank you!

On Tue, Oct 12, 2004 at 04:47:25PM +0000, Robert Watson wrote:
R> rwatson     2004-10-12 16:47:25 UTC
R>   FreeBSD src repository
R>   Modified files:
R>     sys/netinet          raw_ip.c 
R>   Log:
R>   When the access control on creating raw sockets was modified so that
R>   processes in jail could create raw sockets, additional access control
R>   checks were added to raw IP sockets to limit the ways in which those
R>   sockets could be used.  Specifically, only the socket option IP_HDRINCL
R>   was permitted in rip_ctloutput().  Other socket options were protected
R>   by a call to suser().  This change was required to prevent processes
R>   in a Jail from modifying system properties such as multicast routing
R>   and firewall rule sets.
R>   However, it also introduced a regression: processes that create a raw
R>   socket with root privilege, but then downgraded credential (i.e., a
R>   daemon giving up root, or a setuid process switching back to the real
R>   uid) could no longer issue other unprivileged generic IP socket option
R>   operations, such as IP_TOS, IP_TTL, and the multicast group membership
R>   options, which prevented multicast routing daemons (and some other
R>   tools) from operating correctly.
R>   This change pushes the access control decision down to the granularity
R>   of individual socket options, rather than all socket options, on raw
R>   IP sockets.  When rip_ctloutput() doesn't implement an option, it will
R>   now pass the request directly to in_control() without an access
R>   control check.  This should restore the functionality of the generic
R>   IP socket options for raw sockets in the above-described scenarios,
R>   which may be confirmed with the ipsockopt regression test.
R>   RELENG_5 candidate.
R>   Reviewed by:    csjp
R>   Revision  Changes    Path
R>   1.145     +41 -20    src/sys/netinet/raw_ip.c

Totus tuus, Glebius.
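
Added example (not part of the original message or the FreeBSD source): a simplified user-space C model of the decision the commit log describes, comparing the single blanket check with the per-option check for a process that created the socket as root and then dropped privilege. The enum names, the `passes_suser` flag and the grouping of options are assumptions made for illustration.

```c
/* Simplified model of the raw-socket option check; not FreeBSD source. */
#include <stdbool.h>
#include <stdio.h>

/* Illustrative option set (assumed names, not kernel constants). */
enum opt { OPT_HDRINCL, OPT_FW_RULE, OPT_MROUTE, OPT_TOS, OPT_TTL, OPT_ADD_MEMBERSHIP, OPT_COUNT };
enum result { ALLOWED, DENIED };

/* Credential at the time of the setsockopt call, not at socket creation. */
struct caller { bool passes_suser; };

/* Before: every option except IP_HDRINCL sits behind one suser() check. */
enum result raw_sockopt_before(const struct caller *c, enum opt o)
{
    if (o == OPT_HDRINCL)
        return ALLOWED;
    return c->passes_suser ? ALLOWED : DENIED;
}

/* After: the check is made per option; options the raw layer does not
 * implement are passed on to generic IP handling with no check here. */
enum result raw_sockopt_after(const struct caller *c, enum opt o)
{
    switch (o) {
    case OPT_HDRINCL:
        return ALLOWED;
    case OPT_FW_RULE:   /* firewall rule sets */
    case OPT_MROUTE:    /* multicast routing */
        return c->passes_suser ? ALLOWED : DENIED;
    default:
        return ALLOWED;
    }
}

int main(void)
{
    static const char *names[OPT_COUNT] = { "HDRINCL", "FW_RULE", "MROUTE", "TOS", "TTL", "ADD_MEMBERSHIP" };
    struct caller dropped = { .passes_suser = false }; /* daemon that gave up root */
    for (int o = 0; o < OPT_COUNT; o++)
        printf("%-15s before=%s after=%s\n", names[o],
               raw_sockopt_before(&dropped, o) == ALLOWED ? "ok" : "EPERM",
               raw_sockopt_after(&dropped, o) == ALLOWED ? "ok" : "EPERM");
    return 0;
}
```

In the model, the unprivileged caller regains IP_TOS, IP_TTL and group membership after the change, while the firewall and multicast routing options stay behind the privilege check.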
