From nobody Mon Feb 16 15:44:33 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fF6XL3y1zz6RxbB for ; Mon, 16 Feb 2026 15:44:34 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fF6XK72M4z4PVm for ; Mon, 16 Feb 2026 15:44:33 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1771256674; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=dL16ttQv2EFDXboK8xXEcJZAKtmFcCLwSNuphj/hCgY=; b=MqwTa8xnwY8zaare7k5/L1PI2aMSS5NkpasFZVdkUQT7/cOCrrLJkEVuoCwBXSB+2jqPpo OaY0cOe75Gfc+RDSDs8e8i3guBRNkI2ihMrRy8QJXJeaSVau7GrSqvN/DMOyKAuY1Dn7s8 gbfdPAU/+Z00YVjbBu71OciSRX1vAILWY4b7MjuKYsPxFUXFbDH4/fuMMwkxbriIkavCug kfaa9iNqctDTvkjgbW98oVG443w/F0/ajX/pUFlbMPnJXPri31mTQI5l0nWA91gltH8JQm YfkHTvc12XL8dj9vYwyQ5YLrePG6XRE69RGM4AXqMcd7weicuMyOv7ZREpoQdA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1771256674; a=rsa-sha256; cv=none; b=ENzQ0/u4fTMI6wBV0RQFOKT89xAhMXWMvyuFI/LumfHddrcVUI0sBkQ8zkcPxXvO9cJfJJ 6OKoQ8VwVfTj76AuI9KEVtPd5PLcLwfS8gH3qvOwejs6i9a+HGa32XKRwITJVEmMHKlYyq r605fIsqkp7i48RkNsFkwvoNhtrrdnnqyucwiNCr8n2pqr+brQUpkD9e7NP69aNKbSw5PX 5PkZ+bOMGCCCzOEE7sSgp7WEIdnY15NgfIpGts55nZcUXr3spiwiovFNsnMHrUCLszLRzD 9Zf4WjkKIH9sWjt2VVQAeQw76m1p9ipcLoLS9lvvWqgt4oypPze1i0IrK/Ku3A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1771256674; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=dL16ttQv2EFDXboK8xXEcJZAKtmFcCLwSNuphj/hCgY=; b=pcF0QQ91draJcB1XE7c4G5RF56gV8C8Wu1tkqXxCtrZmp7x4erNACCRslmeU4ZbnLBjLX+ e3JHELDerHI96VFitIdIWpMSZIkj67lS3/fGiG1nui/Nu57M6eJHo0ZZYM5N3bG2L/c0iM o7lnh3KI7OpwbgsKB9udeWI+71Da1SrruljHEarAuhLZW4nnYOSol38KkP+/DkOOUZdhLC drmZdItxjt9KzqDBz8ccOqVxJppwOjDKJwRqMaZiO6FWtL28d2MUGUjtDviRXjl9yer0hN sZLUXFlDMzSYTUKae4m5OfgY0dzEwUSGeM8I506xy0kwAdAKS6TRWd7Q17+qxw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fF6XK6bHjzTXX for ; Mon, 16 Feb 2026 15:44:33 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 20867 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Mon, 16 Feb 2026 15:44:33 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: bba9e2072966 - stable/15 - ip_mroute: Make privilege checking more consistent List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: bba9e20729660da478743d9965a11717fde56484 Auto-Submitted: auto-generated Date: Mon, 16 Feb 2026 15:44:33 +0000 Message-Id: <69933b61.20867.7b95d192@gitrepo.freebsd.org> The branch stable/15 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=bba9e20729660da478743d9965a11717fde56484 commit bba9e20729660da478743d9965a11717fde56484 Author: Mark Johnston AuthorDate: 2026-02-02 14:53:35 +0000 Commit: Mark Johnston CommitDate: 2026-02-16 13:46:36 +0000 ip_mroute: Make privilege checking more consistent - The v6 socket option and ioctl handlers had no privilege checks at all. The socket options, I believe, can only be reached via a raw socket, but a jailed root user with a raw socket shouldn't be able to configure multicast routing in a non-VNET jail. The ioctls can only be used to fetch stats. - Delete a bogus comment in X_mrt_ioctl(), one can issue multicast routing ioctls against any socket. Note that the call path is soo_ioctl()->rtioctl_fib()->mrt_ioctl(). I think all of the mroute privilege checks should be done within the ip(6)_mroute code, but let's first make the v4 and v6 modules consistent. Reviewed by: glebius MFC after: 2 weeks Sponsored by: Stormshield Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D54982 (cherry picked from commit 74839871be363c5c2ac7ccd3396f36bdb58d19de) --- sys/netinet/ip_mroute.c | 5 ----- sys/netinet6/ip6_mroute.c | 15 +++++++++------ sys/netinet6/raw_ip6.c | 6 ++++++ 3 files changed, 15 insertions(+), 11 deletions(-) diff --git a/sys/netinet/ip_mroute.c b/sys/netinet/ip_mroute.c index 73f17adf5728..c69f3cc8b41e 100644 --- a/sys/netinet/ip_mroute.c +++ b/sys/netinet/ip_mroute.c @@ -547,11 +547,6 @@ X_mrt_ioctl(u_long cmd, caddr_t data, int fibnum __unused) { int error; - /* - * Currently the only function calling this ioctl routine is rtioctl_fib(). - * Typically, only root can create the raw socket in order to execute - * this ioctl method, however the request might be coming from a prison - */ error = priv_check(curthread, PRIV_NETINET_MROUTE); if (error) return (error); diff --git a/sys/netinet6/ip6_mroute.c b/sys/netinet6/ip6_mroute.c index 275c3ae2d7f1..5b9330c290d7 100644 --- a/sys/netinet6/ip6_mroute.c +++ b/sys/netinet6/ip6_mroute.c @@ -90,6 +90,7 @@ #include #include #include +#include #include #include #include @@ -457,24 +458,26 @@ X_ip6_mrouter_get(struct socket *so, struct sockopt *sopt) static int X_mrt6_ioctl(u_long cmd, caddr_t data) { - int ret; - - ret = EINVAL; + int error; + error = priv_check(curthread, PRIV_NETINET_MROUTE); + if (error) + return (error); + error = EINVAL; switch (cmd) { case SIOCGETSGCNT_IN6: - ret = get_sg_cnt((struct sioc_sg_req6 *)data); + error = get_sg_cnt((struct sioc_sg_req6 *)data); break; case SIOCGETMIFCNT_IN6: - ret = get_mif6_cnt((struct sioc_mif_req6 *)data); + error = get_mif6_cnt((struct sioc_mif_req6 *)data); break; default: break; } - return (ret); + return (error); } /* diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c index c90a1213bd66..7deb605c07a2 100644 --- a/sys/netinet6/raw_ip6.c +++ b/sys/netinet6/raw_ip6.c @@ -604,6 +604,9 @@ rip6_ctloutput(struct socket *so, struct sockopt *sopt) case MRT6_ADD_MFC: case MRT6_DEL_MFC: case MRT6_PIM: + error = priv_check(curthread, PRIV_NETINET_MROUTE); + if (error != 0) + return (error); if (inp->inp_ip_p != IPPROTO_ICMPV6) return (EOPNOTSUPP); error = ip6_mrouter_get ? ip6_mrouter_get(so, sopt) : @@ -627,6 +630,9 @@ rip6_ctloutput(struct socket *so, struct sockopt *sopt) case MRT6_ADD_MFC: case MRT6_DEL_MFC: case MRT6_PIM: + error = priv_check(curthread, PRIV_NETINET_MROUTE); + if (error != 0) + return (error); if (inp->inp_ip_p != IPPROTO_ICMPV6) return (EOPNOTSUPP); error = ip6_mrouter_set ? ip6_mrouter_set(so, sopt) :