cvs commit: src/sys/netinet ip_fw2.c
Christian S.J. Peron
csjp at FreeBSD.org
Tue May 25 08:02:52 PDT 2004
csjp 2004/05/25 08:02:13 PDT
FreeBSD src repository
Modified files:
sys/netinet ip_fw2.c
Log:
Add a super-user check to ipfw_ctl() to make sure that the calling
process is a non-prison root. The security.jail.allow_raw_sockets
sysctl variable is disabled by default, however if the user enables
raw sockets in prisons, prison-root should not be able to interact
with firewall rule sets.
Approved by: rwatson, bmilekic (mentor)
Revision Changes Path
1.58 +4 -0 src/sys/netinet/ip_fw2.c
More information about the cvs-src
mailing list