Synch with NetBSD and OpenBSD.

Allow non-superuser to open, listen to, and send safe commands on the
routing socket.  Superuser priviledge is required for all commands
but RTM_GET.

Lose `setuid root' bit of route(8).

Reviewed by:	wollman, dd

sbin/route/Makefile

@@ -7,7 +7,6 @@ SRCS=	route.c keywords.h
 CFLAGS+=-I. -Wall -DNS
 CFLAGS+=-DINET6
 CLEANFILES+=keywords.h
-BINMODE=4555
 
 keywords.h: keywords
 	sed -e '/^#/d' -e '/^$$/d' ${.CURDIR}/keywords > _keywords.tmp

sbin/route/route.c

@@ -100,13 +100,14 @@ union	sockunion {
 } so_dst, so_gate, so_mask, so_genmask, so_ifa, so_ifp;
 
 typedef union sockunion *sup;
-int	pid, rtm_addrs, uid;
+int	pid, rtm_addrs;
 int	s;
 int	forcehost, forcenet, doflush, nflag, af, qflag, tflag, keyword();
 int	iflag, verbose, aflen = sizeof (struct sockaddr_in);
 int	locking, lockrest, debugonly;
 struct	rt_metrics rt_metrics;
 u_long  rtm_inits;
+uid_t	uid;
 int	atalk_aton __P((const char *, struct at_addr *));
 char	*atalk_ntoa __P((struct at_addr));
 const char	*routename(), *netname();
@@ -176,7 +177,6 @@ main(argc, argv)
 		s = socket(PF_ROUTE, SOCK_RAW, 0);
 	if (s < 0)
 		err(EX_OSERR, "socket");
-	setuid(uid);
 	if (*argv)
 		switch (keyword(*argv)) {
 		case K_GET:

sys/net/rtsock.c

@@ -123,7 +123,7 @@ rts_attach(struct socket *so, int proto, struct proc *p)
 	 */
 	s = splnet();
 	so->so_pcb = (caddr_t)rp;
-	error = raw_usrreqs.pru_attach(so, proto, p);
+	error = raw_attach(so, proto);
 	rp = sotorawcb(so);
 	if (error) {
 		splx(s);
@@ -326,6 +326,14 @@ route_output(m, so)
 		else
 			senderr(ENOBUFS);
 	}
+
+	/*
+	 * Verify that the caller has the appropriate privilege; RTM_GET
+	 * is the only operation the non-superuser is allowed.
+	 */
+	if (rtm->rtm_type != RTM_GET && suser_xxx(so->so_cred, NULL, 0) != 0)
+		senderr(EPERM);
+
 	switch (rtm->rtm_type) {
 
 	case RTM_ADD: