To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston
Subject: git: 2e8f0a46d391 - stable/14 - ip_mroute: Make privilege checking more consistent
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 2e8f0a46d391c43f22c8deaa88e2c03cf205b8a4
Date: Mon, 16 Feb 2026 19:47:34 +0000
Message-Id: <69937456.3f9c8.fb5c22@gitrepo.freebsd.org>

The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=2e8f0a46d391c43f22c8deaa88e2c03cf205b8a4

commit 2e8f0a46d391c43f22c8deaa88e2c03cf205b8a4
Author:     Mark Johnston
AuthorDate: 2026-02-02 14:53:35 +0000
Commit:     Mark Johnston
CommitDate: 2026-02-16 16:09:28 +0000

ip_mroute: Make privilege checking more consistent

- The v6 socket option and ioctl handlers had no privilege checks at
  all.  The socket options, I believe, can only be reached via a raw
  socket, but a jailed root user with a raw socket shouldn't be able
  to configure multicast routing in a non-VNET jail.  The ioctls can
  only be used to fetch stats.
- Delete a bogus comment in X_mrt_ioctl(), one can issue multicast
  routing ioctls against any socket.  Note that the call path is
  soo_ioctl()->rtioctl_fib()->mrt_ioctl().

I think all of the mroute privilege checks should be done within the
ip(6)_mroute code, but let's first make the v4 and v6 modules
consistent.

Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54982 (cherry picked from commit 74839871be363c5c2ac7ccd3396f36bdb58d19de) --- sys/netinet/ip_mroute.c | 5 ----- sys/netinet6/ip6_mroute.c | 15 +++++++++------ sys/netinet6/raw_ip6.c | 6 ++++++ 3 files changed, 15 insertions(+), 11 deletions(-) diff --git a/sys/netinet/ip_mroute.c b/sys/netinet/ip_mroute.c index 133269edf3ba..5c71f6658a8f 100644 --- a/sys/netinet/ip_mroute.c +++ b/sys/netinet/ip_mroute.c @@ -542,11 +542,6 @@ X_mrt_ioctl(u_long cmd, caddr_t data, int fibnum __unused) { int error; - /* - * Currently the only function calling this ioctl routine is rtioctl_fib(). - * Typically, only root can create the raw socket in order to execute - * this ioctl method, however the request might be coming from a prison - */ error = priv_check(curthread, PRIV_NETINET_MROUTE); if (error) return (error); diff --git a/sys/netinet6/ip6_mroute.c b/sys/netinet6/ip6_mroute.c index 3d5fc75d9a07..76e20b110d72 100644 --- a/sys/netinet6/ip6_mroute.c +++ b/sys/netinet6/ip6_mroute.c @@ -92,6 +92,7 @@ #include #include #include +#include #include #include #include @@ -459,24 +460,26 @@ X_ip6_mrouter_get(struct socket *so, struct sockopt *sopt) static int X_mrt6_ioctl(u_long cmd, caddr_t data) { - int ret; - - ret = EINVAL; + int error; + error = priv_check(curthread, PRIV_NETINET_MROUTE); + if (error) + return (error); + error = EINVAL; switch (cmd) { case SIOCGETSGCNT_IN6: - ret = get_sg_cnt((struct sioc_sg_req6 *)data); + error = get_sg_cnt((struct sioc_sg_req6 *)data); break; case SIOCGETMIFCNT_IN6: - ret = get_mif6_cnt((struct sioc_mif_req6 *)data); + error = get_mif6_cnt((struct sioc_mif_req6 *)data); break; default: break; } - return (ret); + return (error); } /* diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c index caee18cab071..caefba22c0ca 100644 --- a/sys/netinet6/raw_ip6.c +++ b/sys/netinet6/raw_ip6.c 
@@ -607,6 +607,9 @@ rip6_ctloutput(struct socket *so, struct sockopt *sopt) case MRT6_ADD_MFC: case MRT6_DEL_MFC: case MRT6_PIM: + error = priv_check(curthread, PRIV_NETINET_MROUTE); + if (error != 0) + return (error); if (inp->inp_ip_p != IPPROTO_ICMPV6) return (EOPNOTSUPP); error = ip6_mrouter_get ? ip6_mrouter_get(so, sopt) : @@ -630,6 +633,9 @@ rip6_ctloutput(struct socket *so, struct sockopt *sopt) case MRT6_ADD_MFC: case MRT6_DEL_MFC: case MRT6_PIM: + error = priv_check(curthread, PRIV_NETINET_MROUTE); + if (error != 0) + return (error); if (inp->inp_ip_p != IPPROTO_ICMPV6) return (EOPNOTSUPP); error = ip6_mrouter_set ? ip6_mrouter_set(so, sopt) :
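
Review bot: In the sys/netinet/ip_mroute.c hunk, X_mrt_ioctl() is left with a bare priv_check(curthread, PRIV_NETINET_MROUTE) and no comment once the old one is deleted. The commit message carries the actual reasoning (the ioctl can be issued against any socket, via soo_ioctl()->rtioctl_fib()->mrt_ioctl(), so raw-socket creation privilege cannot be relied on); a short comment above the check stating that would keep the rationale in the code rather than only in the log.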
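
Review bot: In the sys/netinet6/ip6_mroute.c hunk, the new check in X_mrt6_ioctl() is written as "if (error)" while the two checks this same patch adds to rip6_ctloutput() use "if (error != 0)"; use one form throughout, preferably the explicit comparison. Because the check sits ahead of the switch, an unprivileged caller now gets the priv_check() error for unrecognised commands as well, where the old code returned EINVAL, and SIOCGETSGCNT_IN6 and SIOCGETMIFCNT_IN6 become privileged even though the commit message notes they only fetch stats. If that is the intended behaviour, a one-line comment saying so would help the next reader.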
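
Review bot: In both sys/netinet6/raw_ip6.c hunks, priv_check() is placed ahead of the existing "inp->inp_ip_p != IPPROTO_ICMPV6" test in rip6_ctloutput(), so an unprivileged caller on a non-ICMPv6 raw socket now receives the privilege error where it previously received EOPNOTSUPP. Since the stated goal is v4/v6 consistency, please confirm this ordering matches the v4 handler. The same three added lines are duplicated in the get and set case groups; that is acceptable as an interim step given the commit message's plan to move the checks into the ip(6)_mroute code, but a comment marking them as temporary would make the follow-up harder to forget.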