Date: Wed, 12 Oct 2005 04:40:20 GMT From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: freebsd-ipfw@FreeBSD.org Subject: Re: kern/87032: [PATCH] ipfw ioctl interface implementation Message-ID: <200510120440.j9C4eKFZ027822@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/87032; it has been noted by GNATS. From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: bug-followup@FreeBSD.org Cc: Subject: Re: kern/87032: [PATCH] ipfw ioctl interface implementation Date: Wed, 12 Oct 2005 08:36:51 +0400 This is a multi-part message in MIME format. --------------050604070508040903090904 Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Related with the jail the addition patch. Full last version of the patch can be found on the URL http://butcher.heavennet.ru/ipfw_ioctl/ --------------050604070508040903090904 Content-Type: text/plain; name="netinet.diff" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="netinet.diff" --- sys/netinet/ip_dummynet.c.orig Tue Oct 11 16:33:13 2005 +++ sys/netinet/ip_dummynet.c Wed Oct 12 08:01:24 2005 @@ -88,6 +88,7 @@ #ifdef DEV_DNCTL #include <sys/conf.h> #include <sys/fcntl.h> +#include <sys/jail.h> #include <netinet/ip_dummynet_io.h> static d_ioctl_t ip_dn_ioctl; @@ -2119,6 +2120,9 @@ size_t size; struct ip_dummynet_ctl* ctl = (struct ip_dummynet_ctl*)data; + if (jailed(td->td_ucred)) { + return EPERM; + } switch(cmd) { case IPDNIOCSCMD: if ((fflag & FWRITE) != FWRITE) { --- sys/netinet/ip_fw2.c.orig Tue Oct 11 16:19:32 2005 +++ sys/netinet/ip_fw2.c Wed Oct 12 07:58:55 2005 @@ -4127,6 +4127,9 @@ size_t size; struct ip_fw_ctl* ctl = (struct ip_fw_ctl*)data; + if (jailed(td->td_ucred)) { + return EPERM; + } switch(cmd) { /* * IPFWIOCSCMD makes some modifications of ipfw's state --------------050604070508040903090904--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200510120440.j9C4eKFZ027822>