Date: Thu, 30 Aug 2001 14:58:40 +0300 From: Ruslan Ermilov <ru@FreeBSD.org> To: net@FreeBSD.org, security@FreeBSD.org Subject: Proposed change to route(4) sockets to make them available to non-superuser Message-ID: <20010830145840.A1554@sunbay.com>
next in thread | raw e-mail | index | archive | help
--17pEHd4RhPHOinZp Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi! The attached patch allows non-superuser to open, listen to, and send safe commands on the routing socket. Superuser privilege is required for all commands but RTM_GET. This has been in NetBSD and OpenBSD since 1997. This also allows us to drop setuid root privilege from the route(8) command. I would like to commit this patch on Monday if I hear no reasonable objections. Cheers, -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age --17pEHd4RhPHOinZp Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=p Index: sys/net/raw_usrreq.c =================================================================== RCS file: /home/ncvs/src/sys/net/raw_usrreq.c,v retrieving revision 1.19 diff -u -p -r1.19 raw_usrreq.c --- sys/net/raw_usrreq.c 2000/10/29 16:06:43 1.19 +++ sys/net/raw_usrreq.c 2001/08/30 11:53:09 @@ -153,12 +153,9 @@ static int raw_uattach(struct socket *so, int proto, struct proc *p) { struct rawcb *rp = sotorawcb(so); - int error; if (rp == 0) return EINVAL; - if (p && (error = suser(p)) != 0) - return error; return raw_attach(so, proto); } Index: sys/net/rtsock.c =================================================================== RCS file: /home/ncvs/src/sys/net/rtsock.c,v retrieving revision 1.55 diff -u -p -r1.55 rtsock.c --- sys/net/rtsock.c 2001/08/02 19:56:29 1.55 +++ sys/net/rtsock.c 2001/08/30 11:53:12 @@ -326,6 +326,14 @@ route_output(m, so) else senderr(ENOBUFS); } + + /* + * Verify that the caller has the appropriate privilege; RTM_GET + * is the only operation the non-superuser is allowed. + */ + if (rtm->rtm_type != RTM_GET && suser(curproc) != 0) + senderr(EACCES); + switch (rtm->rtm_type) { case RTM_ADD: Index: sbin/route/Makefile =================================================================== RCS file: /home/ncvs/src/sbin/route/Makefile,v retrieving revision 1.13 diff -u -p -r1.13 Makefile --- sbin/route/Makefile 2001/03/26 14:33:22 1.13 +++ sbin/route/Makefile 2001/08/30 11:53:12 @@ -7,7 +7,6 @@ SRCS= route.c keywords.h CFLAGS+=-I. -Wall -DNS CFLAGS+=-DINET6 CLEANFILES+=keywords.h -BINMODE=4555 keywords.h: keywords sed -e '/^#/d' -e '/^$$/d' ${.CURDIR}/keywords > _keywords.tmp Index: sbin/route/route.c =================================================================== RCS file: /home/ncvs/src/sbin/route/route.c,v retrieving revision 1.55 diff -u -p -r1.55 route.c --- sbin/route/route.c 2001/08/20 14:53:05 1.55 +++ sbin/route/route.c 2001/08/30 11:53:23 @@ -100,13 +100,14 @@ union sockunion { } so_dst, so_gate, so_mask, so_genmask, so_ifa, so_ifp; typedef union sockunion *sup; -int pid, rtm_addrs, uid; +int pid, rtm_addrs; int s; int forcehost, forcenet, doflush, nflag, af, qflag, tflag, keyword(); int iflag, verbose, aflen = sizeof (struct sockaddr_in); int locking, lockrest, debugonly; struct rt_metrics rt_metrics; u_long rtm_inits; +uid_t uid; int atalk_aton __P((const char *, struct at_addr *)); char *atalk_ntoa __P((struct at_addr)); const char *routename(), *netname(); @@ -176,7 +177,6 @@ main(argc, argv) s = socket(PF_ROUTE, SOCK_RAW, 0); if (s < 0) err(EX_OSERR, "socket"); - setuid(uid); if (*argv) switch (keyword(*argv)) { case K_GET: --17pEHd4RhPHOinZp-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010830145840.A1554>