From owner-svn-src-head@FreeBSD.ORG Fri Jan 9 21:57:50 2009 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1CC811065672; Fri, 9 Jan 2009 21:57:50 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 0B7A08FC0A; Fri, 9 Jan 2009 21:57:50 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n09LvnHR070064; Fri, 9 Jan 2009 21:57:49 GMT (envelope-from bz@svn.freebsd.org) Received: (from bz@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id n09LvnG4070060; Fri, 9 Jan 2009 21:57:49 GMT (envelope-from bz@svn.freebsd.org) Message-Id: <200901092157.n09LvnG4070060@svn.freebsd.org> From: "Bjoern A. Zeeb" Date: Fri, 9 Jan 2009 21:57:49 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r186980 - in head/sys: net netinet netinet6 X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Jan 2009 21:57:50 -0000 Author: bz Date: Fri Jan 9 21:57:49 2009 New Revision: 186980 URL: http://svn.freebsd.org/changeset/base/186980 Log: Restrict arp, ndp and theoretically the FIB listing (if not read with libkvm) to the addresses of a prison, when inside a jail. [1] As the patch from the PR was pre-'new-arp', add checks to the llt_dump handlers as well. While touching RTM_GET in route_output(), consistently use curthread credentials rather than the creds from the socket there. [2] PR: kern/68189 Submitted by: Mark Delany [1] Discussed with: rwatson [2] Reviewed by: rwatson MFC after: 4 weeks Modified: head/sys/net/rtsock.c head/sys/netinet/in.c head/sys/netinet6/in6.c Modified: head/sys/net/rtsock.c ============================================================================== --- head/sys/net/rtsock.c Fri Jan 9 21:39:44 2009 (r186979) +++ head/sys/net/rtsock.c Fri Jan 9 21:57:49 2009 (r186980) @@ -611,6 +611,12 @@ route_output(struct mbuf *m, struct sock case RTM_GET: report: RT_LOCK_ASSERT(rt); + if (jailed(curthread->td_ucred) && + ((rt->rt_flags & RTF_HOST) == 0 || + !prison_if(curthread->td_ucred, rt_key(rt)))) { + RT_UNLOCK(rt); + senderr(ESRCH); + } info.rti_info[RTAX_DST] = rt_key(rt); info.rti_info[RTAX_GATEWAY] = rt->rt_gateway; info.rti_info[RTAX_NETMASK] = rt_mask(rt); @@ -620,10 +626,10 @@ route_output(struct mbuf *m, struct sock if (ifp) { info.rti_info[RTAX_IFP] = ifp->if_addr->ifa_addr; - if (jailed(so->so_cred)) { + if (jailed(curthread->td_ucred)) { error = rtm_get_jailed( &info, ifp, rt, &saun, - so->so_cred); + curthread->td_ucred); if (error != 0) { RT_UNLOCK(rt); senderr(ESRCH); @@ -1256,6 +1262,10 @@ sysctl_dumpentry(struct radix_node *rn, if (w->w_op == NET_RT_FLAGS && !(rt->rt_flags & w->w_arg)) return 0; + if (jailed(w->w_req->td->td_ucred) && + ((rt->rt_flags & RTF_HOST) == 0 || + !prison_if(w->w_req->td->td_ucred, rt_key(rt)))) + return (0); bzero((caddr_t)&info, sizeof(info)); info.rti_info[RTAX_DST] = rt_key(rt); info.rti_info[RTAX_GATEWAY] = rt->rt_gateway; Modified: head/sys/netinet/in.c ============================================================================== --- head/sys/netinet/in.c Fri Jan 9 21:39:44 2009 (r186979) +++ head/sys/netinet/in.c Fri Jan 9 21:57:49 2009 (r186980) @@ -1201,6 +1201,10 @@ in_lltable_dump(struct lltable *llt, str /* skip deleted entries */ if ((lle->la_flags & (LLE_DELETED|LLE_VALID)) != LLE_VALID) continue; + /* Skip if jailed and not a valid IP of the prison. */ + if (jailed(wr->td->td_ucred) && + !prison_if(wr->td->td_ucred, L3_ADDR(lle))) + continue; /* * produce a msg made of: * struct rt_msghdr; Modified: head/sys/netinet6/in6.c ============================================================================== --- head/sys/netinet6/in6.c Fri Jan 9 21:39:44 2009 (r186979) +++ head/sys/netinet6/in6.c Fri Jan 9 21:57:49 2009 (r186980) @@ -2240,6 +2240,10 @@ in6_lltable_dump(struct lltable *llt, st /* skip deleted or invalid entries */ if ((lle->la_flags & (LLE_DELETED|LLE_VALID)) != LLE_VALID) continue; + /* Skip if jailed and not a valid IP of the prison. */ + if (jailed(wr->td->td_ucred) && + !prison_if(wr->td->td_ucred, L3_ADDR(lle))) + continue; /* * produce a msg made of: * struct rt_msghdr;