Fix a regression in socket(2): in the BSD 4.4 security model, you

don't have to be the superuser to open a PF_ROUTE socket.

Now, 'route -n get default' works again.
dyoung 2006-11-14 05:20:21 +00:00
parent cfe7a78c9c
commit af1a9920a0
1 changed files with 5 additions and 3 deletions


@ -1,4 +1,4 @@
/* $NetBSD: secmodel_bsd44_suser.c,v 1.14 2006/10/30 16:53:48 elad Exp $ */
/* $NetBSD: secmodel_bsd44_suser.c,v 1.15 2006/11/14 05:20:21 dyoung Exp $ */
/*-
* Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
* All rights reserved.
@ -41,7 +41,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_suser.c,v 1.14 2006/10/30 16:53:48 elad Exp $");
__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_suser.c,v 1.15 2006/11/14 05:20:21 dyoung Exp $");
#include <sys/types.h>
#include <sys/param.h>
@ -348,7 +348,9 @@ secmodel_bsd44_suser_network_cb(kauth_cred_t cred, kauth_action_t action,
case KAUTH_NETWORK_SOCKET:
switch (req) {
case KAUTH_REQ_NETWORK_SOCKET_OPEN:
if ((u_long)arg2 == SOCK_RAW) {
if ((u_long)arg1 == PF_ROUTE)
result = KAUTH_RESULT_ALLOW;
else if ((u_long)arg2 == SOCK_RAW) {
if (isroot)
result = KAUTH_RESULT_ALLOW;
} else
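Review bot: The new `PF_ROUTE` branch under `KAUTH_REQ_NETWORK_SOCKET_OPEN` returns `KAUTH_RESULT_ALLOW` for every credential and every socket type, because it is tested before `arg2` and never consults `isroot`. That is only safe if messages that modify the routing table are authorized separately when they are written to the socket; that check is not visible in this hunk and should be confirmed. I would record the assumption in a comment above the branch, for example `/* Anyone may open a routing socket for queries; requests that change the table must be authorized where the message is processed. */`. The mixed braced and unbraced arms of the `if`/`else if`/`else` chain are also easy to misread, so bracing the `PF_ROUTE` arm would help. The enclosing function starts and ends outside the hunk.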