Message-Id: <200410141145.i9EBjQid095584@repoman.freebsd.org>
From: Robert Watson
Date: Thu, 14 Oct 2004 11:45:26 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: RELENG_5
Subject: cvs commit: src/sys/netinet raw_ip.c

rwatson     2004-10-14 11:45:26 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_5)
    sys/netinet          raw_ip.c
  Log:
  Merge raw_ip.c:1.145 from HEAD to RELENG_5:

    date: 2004/10/12 16:47:25;  author: rwatson;  state: Exp;  lines: +41 -20
    When the access control on creating raw sockets was modified so that
    processes in jail could create raw sockets, additional access control
    checks were added to raw IP sockets to limit the ways in which those
    sockets could be used.  Specifically, only the socket option IP_HDRINCL
    was permitted in rip_ctloutput().  Other socket options were protected
    by a call to suser().

    This change was required to prevent processes in a Jail from modifying
    system properties such as multicast routing and firewall rule sets.
    However, it also introduced a regression: processes that create a raw
    socket with root privilege, but then downgraded credential (i.e., a
    daemon giving up root, or a setuid process switching back to the real
    uid) could no longer issue other unprivileged generic IP socket option
    operations, such as IP_TOS, IP_TTL, and the multicast group membership
    options, which prevented multicast routing daemons (and some other
    tools) from operating correctly.

    This change pushes the access control decision down to the granularity
    of individual socket options, rather than all socket options, on raw
    IP sockets.  When rip_ctloutput() doesn't implement an option, it will
    now pass the request directly to in_control() without an access
    control check.  This should restore the functionality of the generic
    IP socket options for raw sockets in the above-described scenarios,
    which may be confirmed with the ipsockopt regression test.

    RELENG_5 candidate.

    Reviewed by:    csjp

  Approved by:    re (scottl)

  Revision   Changes    Path
  1.142.2.2  +41 -20    src/sys/netinet/raw_ip.c
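The access-control decision described in the commit message above, as a user-space model added here (it is not code from raw_ip.c or from the FreeBSD project). The option classes, the credential struct and `model_suser()` are assumptions made for illustration; the real function switches on individual option names.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical option classes; the kernel switches on individual option names. */
enum opt_class {
    OPT_HDRINCL,   /* IP_HDRINCL */
    OPT_FIREWALL,  /* firewall rule set changes */
    OPT_MROUTE,    /* multicast routing control */
    OPT_GENERIC    /* IP_TOS, IP_TTL, multicast group membership */
};

/* Credential held when setsockopt() is called, not when the socket was created. */
struct cred { bool euid_root; bool jailed; };

const struct cred ROOT_HOST    = { true,  false };
const struct cred ROOT_JAILED  = { true,  true  };
const struct cred DROPPED_ROOT = { false, false }; /* daemon that gave up root */

/* Assumed model of suser(): succeeds only for effective root outside a jail. */
static int model_suser(const struct cred *c) {
    return (c->euid_root && !c->jailed) ? 0 : EPERM;
}

/* Before the change: one check covers every option except IP_HDRINCL. */
int check_before(const struct cred *c, enum opt_class o) {
    return (o == OPT_HDRINCL) ? 0 : model_suser(c);
}

/* After the change: the privilege decision is made per option. */
int check_after(const struct cred *c, enum opt_class o) {
    switch (o) {
    case OPT_FIREWALL:
    case OPT_MROUTE:
        return model_suser(c);  /* system-wide state stays privileged */
    default:
        return 0;               /* IP_HDRINCL, or passed on without a check */
    }
}

int main(void) {
    printf("dropped root, IP_TTL: before=%d after=%d\n",
        check_before(&DROPPED_ROOT, OPT_GENERIC), check_after(&DROPPED_ROOT, OPT_GENERIC));
    printf("jailed root, firewall: before=%d after=%d\n",
        check_before(&ROOT_JAILED, OPT_FIREWALL), check_after(&ROOT_JAILED, OPT_FIREWALL));
    return 0;
}
```

In this model the dropped-privilege process regains the generic options, while the firewall and multicast routing classes still return EPERM for both the jailed and the dropped-privilege credential.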