Date: Tue, 25 May 2004 08:02:13 -0700 (PDT) From: "Christian S.J. Peron" <csjp@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/netinet ip_fw2.c Message-ID: <200405251502.i4PF2Dc3002210@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
csjp 2004/05/25 08:02:13 PDT
FreeBSD src repository
Modified files:
sys/netinet ip_fw2.c
Log:
Add a super-user check to ipfw_ctl() to make sure that the calling
process is a non-prison root. The security.jail.allow_raw_sockets
sysctl variable is disabled by default, however if the user enables
raw sockets in prisons, prison-root should not be able to interact
with firewall rule sets.
Approved by: rwatson, bmilekic (mentor)
Revision Changes Path
1.58 +4 -0 src/sys/netinet/ip_fw2.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200405251502.i4PF2Dc3002210>