Date:      Fri, 9 Jan 2009 21:59:53 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bz@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org,  svn-src-head@freebsd.org
Subject:   Re: svn commit: r186980 - in head/sys: net netinet netinet6
Message-ID:  <20090109215851.B45399@maildrop.int.zabbadoz.net>
In-Reply-To: <200901092157.n09LvnG4070060@svn.freebsd.org>
References:  <200901092157.n09LvnG4070060@svn.freebsd.org>

On Fri, 9 Jan 2009, Bjoern A. Zeeb wrote:

> Author: bz
> Date: Fri Jan  9 21:57:49 2009
> New Revision: 186980
> URL: http://svn.freebsd.org/changeset/base/186980
>
> Log:
>  Restrict arp, ndp and theoretically the FIB listing (if not
>  read with libkvm) to the addresses of a prison, when inside a
>  jail. [1]
>  As the patch from the PR was pre-'new-arp', add checks to the
>  llt_dump handlers as well.
>
>  While touching RTM_GET in route_output(), consistently use
>  curthread credentials rather than the creds from the socket
>  there. [2]
>
>  PR:		kern/68189
>  Submitted by:	Mark Delany <sxcg2-fuwxj@qmda.emu.st> [1]

That should have been:
Submitted by:		Uwe Doering <gemini@geminix.org> [1]


>  Discussed with:	rwatson [2]
>  Reviewed by:	rwatson
>  MFC after:	4 weeks
>
> Modified:
>  head/sys/net/rtsock.c
>  head/sys/netinet/in.c
>  head/sys/netinet6/in6.c
>
> Modified: head/sys/net/rtsock.c
> ==============================================================================
> --- head/sys/net/rtsock.c	Fri Jan  9 21:39:44 2009	(r186979)
> +++ head/sys/net/rtsock.c	Fri Jan  9 21:57:49 2009	(r186980)
> @@ -611,6 +611,12 @@ route_output(struct mbuf *m, struct sock
> 		case RTM_GET:
> 		report:
> 			RT_LOCK_ASSERT(rt);
> +			if (jailed(curthread->td_ucred) &&
> +			    ((rt->rt_flags & RTF_HOST) == 0 ||
> +			    !prison_if(curthread->td_ucred, rt_key(rt)))) {
> +				RT_UNLOCK(rt);
> +				senderr(ESRCH);
> +			}
> 			info.rti_info[RTAX_DST] = rt_key(rt);
> 			info.rti_info[RTAX_GATEWAY] = rt->rt_gateway;
> 			info.rti_info[RTAX_NETMASK] = rt_mask(rt);
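
Review bot: The jailed check added ahead of `info.rti_info[RTAX_DST]` has no comment, and its `(rt->rt_flags & RTF_HOST) == 0` arm makes RTM_GET fail with ESRCH for a jailed caller on every non-host route, not only for addresses outside the prison. That is a policy choice a reader will not infer from the condition alone. A one-line comment in the style of the lltable handlers ("Skip if jailed and not a valid IP of the prison.") that also says why network routes are hidden would help, and it should state what a nonzero return from prison_if() means, since the `!prison_if(...)` test depends on it.
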
> @@ -620,10 +626,10 @@ route_output(struct mbuf *m, struct sock
> 				if (ifp) {
> 					info.rti_info[RTAX_IFP] =
> 					    ifp->if_addr->ifa_addr;
> -					if (jailed(so->so_cred)) {
> +					if (jailed(curthread->td_ucred)) {
> 						error = rtm_get_jailed(
> 						    &info, ifp, rt, &saun,
> -						    so->so_cred);
> +						    curthread->td_ucred);
> 						if (error != 0) {
> 							RT_UNLOCK(rt);
> 							senderr(ESRCH);
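
Review bot: Replacing `so->so_cred` with `curthread->td_ucred` in the `jailed()` test and in the `rtm_get_jailed()` call changes which credential decides the filtering, from the socket's to the calling thread's, and nothing in the code records that this is intentional. A short comment would keep someone from changing it back later. Together with the check added earlier in the same case, `curthread->td_ucred` is now written out three times in RTM_GET; a local `struct ucred *` would shorten these lines and make it obvious that all three tests use the same credential.
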
> @@ -1256,6 +1262,10 @@ sysctl_dumpentry(struct radix_node *rn,
>
> 	if (w->w_op == NET_RT_FLAGS && !(rt->rt_flags & w->w_arg))
> 		return 0;
> +	if (jailed(w->w_req->td->td_ucred) &&
> +	    ((rt->rt_flags & RTF_HOST) == 0 ||
> +	    !prison_if(w->w_req->td->td_ucred, rt_key(rt))))
> +		return (0);
> 	bzero((caddr_t)&info, sizeof(info));
> 	info.rti_info[RTAX_DST] = rt_key(rt);
> 	info.rti_info[RTAX_GATEWAY] = rt->rt_gateway;
>
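
Review bot: The condition added to sysctl_dumpentry() is the same three-line test as the one added to RTM_GET in route_output(), differing only in where the credential comes from (`w->w_req->td->td_ucred`). A small helper taking the credential and the `rt` would keep the two copies from drifting apart. Minor style point: the new line uses `return (0);` while the context line just above it uses `return 0;`, so the function now carries both forms.
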
> Modified: head/sys/netinet/in.c
> ==============================================================================
> --- head/sys/netinet/in.c	Fri Jan  9 21:39:44 2009	(r186979)
> +++ head/sys/netinet/in.c	Fri Jan  9 21:57:49 2009	(r186980)
> @@ -1201,6 +1201,10 @@ in_lltable_dump(struct lltable *llt, str
> 			/* skip deleted entries */
> 			if ((lle->la_flags & (LLE_DELETED|LLE_VALID)) != LLE_VALID)
> 				continue;
> +			/* Skip if jailed and not a valid IP of the prison. */
> +			if (jailed(wr->td->td_ucred) &&
> +			    !prison_if(wr->td->td_ucred, L3_ADDR(lle)))
> +				continue;
> 			/*
> 			 * produce a msg made of:
> 			 *  struct rt_msghdr;
>
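
Review bot: `wr->td->td_ucred` is dereferenced twice per entry in the new test in in_lltable_dump() with no check that `wr->td` is set. If this dump handler can only be reached with a thread attached to the request, a KASSERT before the loop would document that; otherwise the test needs a NULL guard. Since the credential does not change during the walk, `jailed(wr->td->td_ucred)` could also be evaluated once before the loop instead of per entry.
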
> Modified: head/sys/netinet6/in6.c
> ==============================================================================
> --- head/sys/netinet6/in6.c	Fri Jan  9 21:39:44 2009	(r186979)
> +++ head/sys/netinet6/in6.c	Fri Jan  9 21:57:49 2009	(r186980)
> @@ -2240,6 +2240,10 @@ in6_lltable_dump(struct lltable *llt, st
> 			/* skip deleted or invalid entries */
> 			if ((lle->la_flags & (LLE_DELETED|LLE_VALID)) != LLE_VALID)
> 				continue;
> +			/* Skip if jailed and not a valid IP of the prison. */
> +			if (jailed(wr->td->td_ucred) &&
> +			    !prison_if(wr->td->td_ucred, L3_ADDR(lle)))
> +				continue;
> 			/*
> 			 * produce a msg made of:
> 			 *  struct rt_msghdr;
>
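
Review bot: The block added to in6_lltable_dump() is a verbatim copy of the one in in_lltable_dump(), comment included, but here `L3_ADDR(lle)` is an IPv6 address. Please confirm that prison_if() handles that address family the way the `!prison_if(...)` test expects, so that a jailed ndp listing neither hides every entry nor shows every entry. With both handlers carrying the same test, a shared helper would be the natural place for it.
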

-- 
Bjoern A. Zeeb                      The greatest risk is not taking one.


