In 'highly secure' mode (securelevel >= 2), the filter lists may not be tampered with. It might be desirable to allow enabling of preset filter lists, but it seems too good a candidate for a denial-of-service attack, so we don't.

This commit is contained in:
tls 1998-11-14 07:42:37 +00:00
parent 88aaa797c9
commit da1c106b85
2 changed files with 58 additions and 2 deletions

View File

@ -1,4 +1,4 @@
/* $NetBSD: ip_fil.c,v 1.28 1998/07/17 00:35:23 sommerfe Exp $ */ /* $NetBSD: ip_fil.c,v 1.29 1998/11/14 07:42:37 tls Exp $ */
/* /*
* Copyright (C) 1993-1997 by Darren Reed. * Copyright (C) 1993-1997 by Darren Reed.
@ -397,7 +397,11 @@ int mode;
{ {
u_int enable; u_int enable;
# if defined(__NetBSD__)
if ((securelevel >= 2) || !(mode & FWRITE))
#else
if (!(mode & FWRITE)) if (!(mode & FWRITE))
#endif
error = EPERM; error = EPERM;
else { else {
IRCOPY(data, (caddr_t)&enable, sizeof(enable)); IRCOPY(data, (caddr_t)&enable, sizeof(enable));
@ -417,7 +421,11 @@ int mode;
} }
#endif #endif
case SIOCSETFF : case SIOCSETFF :
#if defined(__NetBSD__)
if ((securelevel >= 2) || !(mode & FWRITE))
#else
if (!(mode & FWRITE)) if (!(mode & FWRITE))
#endif
error = EPERM; error = EPERM;
else else
IRCOPY(data, (caddr_t)&fr_flags, sizeof(fr_flags)); IRCOPY(data, (caddr_t)&fr_flags, sizeof(fr_flags));
@ -429,7 +437,11 @@ int mode;
case SIOCRMAFR : case SIOCRMAFR :
case SIOCADAFR : case SIOCADAFR :
case SIOCZRLST : case SIOCZRLST :
#if defined(__NetBSD__)
if ((securelevel >= 2) || !(mode & FWRITE))
#else
if (!(mode & FWRITE)) if (!(mode & FWRITE))
#endif
error = EPERM; error = EPERM;
else else
error = frrequest(unit, cmd, data, fr_active); error = frrequest(unit, cmd, data, fr_active);
@ -437,13 +449,21 @@ int mode;
case SIOCINIFR : case SIOCINIFR :
case SIOCRMIFR : case SIOCRMIFR :
case SIOCADIFR : case SIOCADIFR :
#if defined(__NetBSD__)
if ((securelevel >= 2) || !(mode & FWRITE))
#else
if (!(mode & FWRITE)) if (!(mode & FWRITE))
#endif
error = EPERM; error = EPERM;
else else
error = frrequest(unit, cmd, data, 1 - fr_active); error = frrequest(unit, cmd, data, 1 - fr_active);
break; break;
case SIOCSWAPA : case SIOCSWAPA :
#if defined(__NetBSD__)
if((securelevel >= 2) || !(mode & FWRITE))
#else
if (!(mode & FWRITE)) if (!(mode & FWRITE))
#endif
error = EPERM; error = EPERM;
else { else {
bzero((char *)frcache, sizeof(frcache[0]) * 2); bzero((char *)frcache, sizeof(frcache[0]) * 2);
@ -473,13 +493,21 @@ int mode;
break; break;
} }
case SIOCFRZST : case SIOCFRZST :
#if defined(__NetBSD__)
if ((securelevel >= 2) || !(mode & FWRITE))
#else
if (!(mode & FWRITE)) if (!(mode & FWRITE))
#endif
error = EPERM; error = EPERM;
else else
frzerostats(data); frzerostats(data);
break; break;
case SIOCIPFFL : case SIOCIPFFL :
#if defined(__NetBSD__)
if ((securelevel >= 2) || !(mode & FWRITE))
#else
if (!(mode & FWRITE)) if (!(mode & FWRITE))
#endif
error = EPERM; error = EPERM;
else { else {
IRCOPY(data, (caddr_t)&tmp, sizeof(tmp)); IRCOPY(data, (caddr_t)&tmp, sizeof(tmp));
@ -489,7 +517,11 @@ int mode;
break; break;
#ifdef IPFILTER_LOG #ifdef IPFILTER_LOG
case SIOCIPFFB : case SIOCIPFFB :
#if defined(__NetBSD__)
if ((securelevel >= 2) || !(mode & FWRITE))
#else
if (!(mode & FWRITE)) if (!(mode & FWRITE))
#endif
error = EPERM; error = EPERM;
else else
*(int *)data = ipflog_clear(unit); *(int *)data = ipflog_clear(unit);
@ -500,7 +532,11 @@ int mode;
break; break;
case SIOCAUTHW : case SIOCAUTHW :
case SIOCAUTHR : case SIOCAUTHR :
#if defined(__NetBSD__)
if ((securelevel >= 2) || !(mode & FWRITE)) {
#else
if (!(mode & FWRITE)) { if (!(mode & FWRITE)) {
#endif
error = EPERM; error = EPERM;
break; break;
} }
@ -508,7 +544,11 @@ int mode;
error = fr_auth_ioctl(data, cmd, NULL, NULL); error = fr_auth_ioctl(data, cmd, NULL, NULL);
break; break;
case SIOCFRSYN : case SIOCFRSYN :
#if defined(__NetBSD__)
if ((securelevel >= 2) || !(mode & FWRITE))
#else
if (!(mode & FWRITE)) if (!(mode & FWRITE))
#endif
error = EPERM; error = EPERM;
else { else {
#if defined(_KERNEL) && defined(__sgi) #if defined(_KERNEL) && defined(__sgi)

View File

@ -1,4 +1,4 @@
/* $NetBSD: ip_nat.c,v 1.20 1998/07/12 15:24:00 veego Exp $ */ /* $NetBSD: ip_nat.c,v 1.21 1998/11/14 07:42:37 tls Exp $ */
/* /*
* Copyright (C) 1995-1997 by Darren Reed. * Copyright (C) 1995-1997 by Darren Reed.
@ -236,7 +236,11 @@ int mode;
switch (cmd) switch (cmd)
{ {
case SIOCADNAT : case SIOCADNAT :
#if defined(__NetBSD__)
if ((securelevel >= 2) || !(mode & FWRITE)) {
#else
if (!(mode & FWRITE)) { if (!(mode & FWRITE)) {
#endif
error = EPERM; error = EPERM;
break; break;
} }
@ -281,7 +285,11 @@ int mode;
ATOMIC_INC(nat_stats.ns_rules); ATOMIC_INC(nat_stats.ns_rules);
break; break;
case SIOCRMNAT : case SIOCRMNAT :
#if defined(__NetBSD__)
if ((securelevel >= 2) || !(mode & FWRITE)) {
#else
if (!(mode & FWRITE)) { if (!(mode & FWRITE)) {
#endif
error = EPERM; error = EPERM;
n = NULL; n = NULL;
break; break;
@ -323,7 +331,11 @@ int mode;
break; break;
} }
case SIOCFLNAT : case SIOCFLNAT :
#if defined(__NetBSD__)
if ((securelevel >= 2) || !(mode & FWRITE)) {
#else
if (!(mode & FWRITE)) { if (!(mode & FWRITE)) {
#endif
error = EPERM; error = EPERM;
break; break;
} }
@ -333,7 +345,11 @@ int mode;
IWCOPY((caddr_t)&ret, data, sizeof(ret)); IWCOPY((caddr_t)&ret, data, sizeof(ret));
break; break;
case SIOCCNATL : case SIOCCNATL :
#if defined(__NetBSD__)
if ((securelevel >= 2) || !(mode & FWRITE)) {
#else
if (!(mode & FWRITE)) { if (!(mode & FWRITE)) {
#endif
error = EPERM; error = EPERM;
break; break;
} }