Date: Tue, 25 May 2004 08:02:13 -0700 (PDT) From: "Christian S.J. Peron" <csjp@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/netinet ip_fw2.c Message-ID: <200405251502.i4PF2Dc3002210@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
csjp 2004/05/25 08:02:13 PDT FreeBSD src repository Modified files: sys/netinet ip_fw2.c Log: Add a super-user check to ipfw_ctl() to make sure that the calling process is a non-prison root. The security.jail.allow_raw_sockets sysctl variable is disabled by default, however if the user enables raw sockets in prisons, prison-root should not be able to interact with firewall rule sets. Approved by: rwatson, bmilekic (mentor) Revision Changes Path 1.58 +4 -0 src/sys/netinet/ip_fw2.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200405251502.i4PF2Dc3002210>