Allow changing of settings via ioctl only for the superuser.

Fixes PR security/11524.

sys/net/if_gif.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: if_gif.c,v 1.16 2000/10/07 04:18:04 itojun Exp $	*/
+/*	$NetBSD: if_gif.c,v 1.17 2000/11/19 18:48:45 martin Exp $	*/
 /*	$KAME: if_gif.c,v 1.34 2000/10/07 03:58:53 itojun Exp $	*/
 
 /*
@@ -42,6 +42,7 @@
 #include <sys/ioctl.h>
 #include <sys/time.h>
 #include <sys/syslog.h>
+#include <sys/proc.h>
 #include <sys/protosw.h>
 #include <machine/cpu.h>
 
@@ -439,6 +440,7 @@ gif_ioctl(ifp, cmd, data)
 	u_long cmd;
 	caddr_t data;
 {
+	struct proc *p = curproc;	/* XXX */
 	struct gif_softc *sc  = (struct gif_softc*)ifp;
 	struct ifreq     *ifr = (struct ifreq*)data;
 	int error = 0, size;
@@ -455,6 +457,8 @@ gif_ioctl(ifp, cmd, data)
 
 	case SIOCADDMULTI:
 	case SIOCDELMULTI:
+		if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
+			break;
 		switch (ifr->ifr_addr.sa_family) {
 #ifdef INET
 		case AF_INET:	/* IP supports Multicast */
@@ -477,6 +481,8 @@ gif_ioctl(ifp, cmd, data)
 	case SIOCSIFMTU:
 		{
 			u_long mtu;
+			if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
+				break;
 			mtu = ifr->ifr_mtu;
 			if (mtu < GIF_MTU_MIN || mtu > GIF_MTU_MAX) {
 				return (EINVAL);
@@ -490,6 +496,8 @@ gif_ioctl(ifp, cmd, data)
 #ifdef INET6
 	case SIOCSIFPHYADDR_IN6:
 #endif /* INET6 */
+		if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
+			break;
 		switch (cmd) {
 #ifdef INET
 		case SIOCSIFPHYADDR:
@@ -606,6 +614,8 @@ gif_ioctl(ifp, cmd, data)
 
 #ifdef SIOCDIFPHYADDR
 	case SIOCDIFPHYADDR:
+		if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
+			break;
 		gif_delete_tunnel(sc);
 		break;
 #endif

sys/net/if_gre.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: if_gre.c,v 1.12 2000/08/25 00:51:20 mjl Exp $ */
+/*	$NetBSD: if_gre.c,v 1.13 2000/11/19 18:48:44 martin Exp $ */
 
 /*
  * Copyright (c) 1998 The NetBSD Foundation, Inc.
@@ -55,6 +55,7 @@
 #include <sys/param.h>
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
+#include <sys/proc.h>
 #include <sys/protosw.h>
 #include <sys/socket.h>
 #include <sys/ioctl.h>
@@ -344,7 +345,7 @@ gre_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst,
 int
 gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 {
-
+	struct proc *p = curproc;	/* XXX */
 	struct ifaddr *ifa = (struct ifaddr *)data;
 	struct ifreq *ifr = (struct ifreq *)data;
 	struct in_ifaddr *ia = (struct in_ifaddr *)data;
@@ -360,6 +361,8 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 	switch(cmd) {
 	case SIOCSIFADDR:		
 	case SIOCSIFDSTADDR: 	
+		if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
+			break;
 		/* 
                  * set tunnel endpoints in case that we "only"
                  * have ip over ip encapsulation. This allows to
@@ -379,6 +382,8 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 		}
 		break;
 	case SIOCSIFFLAGS:
+		if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
+			break;
 		if ((sc->g_dst.s_addr == INADDR_ANY) || 
 		    (sc->g_src.s_addr == INADDR_ANY))
 			ifp->if_flags &= ~IFF_UP;
@@ -397,6 +402,8 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 		}
 		break;
 	case SIOCSIFMTU: 
+		if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
+			break;
 		if (ifr->ifr_mtu > GREMTU || ifr->ifr_mtu < 576) {
 			error = EINVAL;
 			break;
@@ -408,6 +415,8 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 		break;
 	case SIOCADDMULTI:
 	case SIOCDELMULTI:
+		if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
+			break;
 		if (ifr == 0) {
 			error = EAFNOSUPPORT;
 			break;
@@ -423,6 +432,8 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 		}
 		break;
 	case GRESPROTO:
+		if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
+			break;
 		sc->g_proto = ifr->ifr_flags;
 		switch (sc->g_proto) {
 		case IPPROTO_GRE :
@@ -442,6 +453,8 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 		break;
 	case GRESADDRS:
 	case GRESADDRD:
+		if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
+			break;
 		/*
 	         * set tunnel endpoints, compute a less specific route
 	         * to the remote end and mark if as up