Date: Fri, 9 Jan 2009 21:59:53 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r186980 - in head/sys: net netinet netinet6
Message-ID: <20090109215851.B45399@maildrop.int.zabbadoz.net>
In-Reply-To: <200901092157.n09LvnG4070060@svn.freebsd.org>
References: <200901092157.n09LvnG4070060@svn.freebsd.org>

On Fri, 9 Jan 2009, Bjoern A. Zeeb wrote:

> Author: bz
> Date: Fri Jan 9 21:57:49 2009
> New Revision: 186980
> URL: http://svn.freebsd.org/changeset/base/186980
>
> Log:
> Restrict arp, ndp and theoretically the FIB listing (if not
> read with libkvm) to the addresses of a prison, when inside a
> jail. [1]
> As the patch from the PR was pre-'new-arp', add checks to the
> llt_dump handlers as well.
>
> While touching RTM_GET in route_output(), consistently use
> curthread credentials rather than the creds from the socket
> there. [2]
>
> PR: kern/68189
> Submitted by: Mark Delany [1]

That should have been:
Submitted by: Uwe Doering [1]

> Discussed with: rwatson [2]
> Reviewed by: rwatson
> MFC after: 4 weeks
>
> Modified:
> head/sys/net/rtsock.c
> head/sys/netinet/in.c
> head/sys/netinet6/in6.c
>
> Modified: head/sys/net/rtsock.c > ============================================================================== > --- head/sys/net/rtsock.c Fri Jan 9 21:39:44 2009 (r186979) > +++ head/sys/net/rtsock.c Fri Jan 9 21:57:49 2009 (r186980)
> @@ -611,6 +611,12 @@ route_output(struct mbuf *m, struct sock > case RTM_GET: > report: > RT_LOCK_ASSERT(rt); > + if (jailed(curthread->td_ucred) && > + ((rt->rt_flags & RTF_HOST) == 0 || > + !prison_if(curthread->td_ucred, rt_key(rt)))) { > + RT_UNLOCK(rt); > + senderr(ESRCH); > + } > info.rti_info[RTAX_DST] = rt_key(rt); > info.rti_info[RTAX_GATEWAY] = rt->rt_gateway; > info.rti_info[RTAX_NETMASK] = rt_mask(rt); > @@ -620,10 +626,10 @@ route_output(struct mbuf *m, struct sock > if (ifp) { > info.rti_info[RTAX_IFP] = > ifp->if_addr->ifa_addr; > - if (jailed(so->so_cred)) { > + if (jailed(curthread->td_ucred)) { > error = rtm_get_jailed( > &info, ifp, rt, &saun, > - so->so_cred); > + curthread->td_ucred); > if (error != 0) { > RT_UNLOCK(rt); > senderr(ESRCH); > @@ -1256,6 +1262,10 @@ sysctl_dumpentry(struct radix_node *rn, > > if (w->w_op == NET_RT_FLAGS && !(rt->rt_flags & w->w_arg)) > return 0; > + if (jailed(w->w_req->td->td_ucred) && > + ((rt->rt_flags & RTF_HOST) == 0 || > + !prison_if(w->w_req->td->td_ucred, rt_key(rt)))) > + return (0); > bzero((caddr_t)&info, sizeof(info)); > info.rti_info[RTAX_DST] = rt_key(rt); > info.rti_info[RTAX_GATEWAY] = rt->rt_gateway; > > Modified: head/sys/netinet/in.c > ============================================================================== > --- head/sys/netinet/in.c Fri Jan 9 21:39:44 2009 (r186979) > +++ head/sys/netinet/in.c Fri Jan 9 21:57:49 2009 (r186980) 
> @@ -1201,6 +1201,10 @@ in_lltable_dump(struct lltable *llt, str > /* skip deleted entries */ > if ((lle->la_flags & (LLE_DELETED|LLE_VALID)) != LLE_VALID) > continue; > + /* Skip if jailed and not a valid IP of the prison. */ > + if (jailed(wr->td->td_ucred) && > + !prison_if(wr->td->td_ucred, L3_ADDR(lle))) > + continue; > /* > * produce a msg made of: > * struct rt_msghdr; > > Modified: head/sys/netinet6/in6.c > ============================================================================== > --- head/sys/netinet6/in6.c Fri Jan 9 21:39:44 2009 (r186979) > +++ head/sys/netinet6/in6.c Fri Jan 9 21:57:49 2009 (r186980) > @@ -2240,6 +2240,10 @@ in6_lltable_dump(struct lltable *llt, st > /* skip deleted or invalid entries */ > if ((lle->la_flags & (LLE_DELETED|LLE_VALID)) != LLE_VALID) > continue; > + /* Skip if jailed and not a valid IP of the prison. */ > + if (jailed(wr->td->td_ucred) && > + !prison_if(wr->td->td_ucred, L3_ADDR(lle))) > + continue; > /* > * produce a msg made of: > * struct rt_msghdr; > -- Bjoern A. Zeeb The greatest risk is not taking one.
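
Review bot: In the first route_output() hunk (@@ -611,6 +611,12 @@) the new jail check sits after the `report:` label, so any path that jumps to `report`, not only a plain RTM_GET, now returns ESRCH to a jailed caller; please confirm that is intended for all of them. The `(rt->rt_flags & RTF_HOST) == 0` half also hides every non-host route from a jail, which deserves a one-line comment like the "Skip if jailed and not a valid IP of the prison" comment added in in_lltable_dump().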
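
Review bot: In the second route_output() hunk (@@ -620,10 +626,10 @@), replacing `so->so_cred` with `curthread->td_ucred` changes whose jail applies whenever the calling thread's credentials differ from the ones recorded on the socket, for example a routing socket opened before the process entered the jail. The commit log explains the switch, but the code carries no comment, so a short note above the `jailed()` test would keep a later reader from reverting it. The surrounding context also maps any rtm_get_jailed() error to ESRCH and drops the original value; say so in that comment if it is deliberate.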
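
Review bot: The sysctl_dumpentry() hunk (@@ -1256,6 +1262,10 @@) repeats the three-line jail predicate from route_output() almost verbatim, differing only in the credential source (`w->w_req->td->td_ucred` here, `curthread->td_ucred` there). A small helper taking a ucred and an rtentry would keep the two filters from drifting apart. Since the log says "consistently use curthread credentials", it is also worth a comment on why this site reads the credential from the sysctl request's thread instead.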
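
Review bot: In the in_lltable_dump() and in6_lltable_dump() hunks the added test calls `jailed(wr->td->td_ucred)` for every entry inside the loop, although the credential does not change during the dump; evaluating it once before the loop would be clearer. The negated `!prison_if(wr->td->td_ucred, L3_ADDR(lle))` also relies on prison_if() returning non-zero for an address that belongs to the prison, for both the AF_INET and the AF_INET6 sockaddr that L3_ADDR(lle) yields. That cannot be checked from these lines and should be confirmed against prison_if() itself, because an inverted return convention would expose exactly the entries this patch means to hide.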