Add a comment above rip_ctloutput() documenting that the privilege

check for raw IP system management operations is often (although not always) implicit due to the namespacing of raw IP sockets. I.e., you have to have privilege to get a raw IP socket, so much of the management code sitting on raw IP sockets assumes that any requests on the socket should be granted privilege. Obtained from: TrustedBSD Project Product of: France
svn path=/head/; revision=117737
2003-07-18 16:10:36 +00:00 · 2003-07-18 16:10:36 +00:00 · 83503a9227 · 2020-12-20 02:59:44 +00:00
commit 83503a9227
parent 8522511b2a
1 changed files with 10 additions and 0 deletions
--- a/sys/netinet/raw_ip.c
+++ b/sys/netinet/raw_ip.c
@ -328,6 +328,16 @@ rip_output(m, so, dst)

 /*
 * Raw IP socket option processing.
+ *
+ * Note that access to all of the IP administrative functions here is
+ * implicitly protected by suser() as gaining access to a raw socket
+ * requires either that the thread pass a suser() check, or that it be
+ * passed a raw socket by another thread that has passed a suser() check.
+ * If FreeBSD moves to a more fine-grained access control mechanism,
+ * additional checks will need to be placed here if the raw IP attachment
+ * check is not equivilent the the check required for these
+ * administrative operations; in some cases, these checks are already
+ * present.
 */
 int
 rip_ctloutput(so, sopt)