freebsd-dev/sys/netinet
Christian S.J. Peron 5090559b7f
When a prison is given the ability to create raw sockets (when the
security.jail.allow_raw_sockets sysctl MIB is set to 1) where privileged
access to jails is given out, it is possible for prison root to manipulate
various network parameters which affect the host environment. This commit
plugs a number of security holes associated with the use of raw sockets
and prisons.

This commit makes the following changes:

- Add a comment to rtioctl warning developers that if they add
  any ioctl commands, they should use super-user checks where necessary,
  as it is possible for PRISON root to make it this far in execution.
- Add super-user checks for the execution of the SIOCGETVIFCNT
  and SIOCGETSGCNT IP multicast ioctl commands.
- Add a super-user check to rip_ctloutput(). If the calling cred
  is PRISON root, make sure the socket option name is IP_HDRINCL,
  otherwise deny the request.

Although this patch corrects a number of security problems associated
with raw sockets and prisons, the warning in jail(8) should still
apply, and by default we should keep the default value of
security.jail.allow_raw_sockets MIB to 0 (or disabled) until
we are certain that we have tracked down all the problems.

Looking forward, we will probably want to eliminate the
references to curthread.

This may be an MFC candidate for RELENG_5.

Reviewed by:	rwatson
Approved by:	bmilekic (mentor)
2004-08-21 17:38:57 +00:00
libalias Fix outgoing ICMP on global instance. 2004-08-14 14:21:09 +00:00
accf_data.c add missing #include <sys/module.h> 2004-05-30 20:27:19 +00:00
accf_http.c The socket field so_state is used to hold a variety of socket related 2004-06-14 18:16:22 +00:00
icmp6.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
icmp_var.h White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
if_atm.c White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
if_atm.h White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
if_ether.c Add a new driver to support IP over firewire. This driver is intended to 2004-06-13 10:54:36 +00:00
if_ether.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
igmp_var.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
igmp.c Lock down parallel router_info list for tracking multicast IGMP 2004-06-11 03:42:37 +00:00
igmp.h White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
in_cksum.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
in_gif.c Ensure that dst is bzeroed before calling rtalloc_ign(), to avoid possible 2004-06-18 02:04:07 +00:00
in_gif.h - fix typo in comment. 2003-10-07 17:46:18 +00:00
in_pcb.c In in_pcbrehash(), do assert the inpcb lock as well as the pcbinfo lock. 2004-08-19 01:11:17 +00:00
in_pcb.h White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
in_proto.c White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
in_rmx.c Introduce tcp_hostcache and remove the tcp specific metrics from 2003-11-20 20:07:39 +00:00
in_systm.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
in_var.h White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
in.c White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
in.h White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
ip6.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
ip_divert.c Convert ipfw to use PFIL_HOOKS. This change is transparent to userland 2004-08-17 22:05:54 +00:00
ip_divert.h Re-remove MT_TAGs. The problems with dummynet have been fixed now. 2004-02-25 19:55:29 +00:00
ip_dummynet.c Convert ipfw to use PFIL_HOOKS. This change is transparent to userland 2004-08-17 22:05:54 +00:00
ip_dummynet.h Convert ipfw to use PFIL_HOOKS. This change is transparent to userland 2004-08-17 22:05:54 +00:00
ip_ecn.c add ECN support in layer-3. 2003-10-29 15:07:04 +00:00
ip_ecn.h add ECN support in layer-3. 2003-10-29 15:07:04 +00:00
ip_encap.c Lock down IP-layer encapsulation library: 2004-03-10 02:48:50 +00:00
ip_encap.h
ip_fastfwd.c Convert ipfw to use PFIL_HOOKS. This change is transparent to userland 2004-08-17 22:05:54 +00:00
ip_fw2.c When unloading ipfw module use callout_drain() to make absolutely sure that 2004-08-19 23:31:40 +00:00
ip_fw_pfil.c Fix a stupid typo which prevented an ipfw KLD unload from successfully cleaning 2004-08-20 00:36:55 +00:00
ip_fw.h Bring back the sysctl 'net.inet.ip.fw.enable' to unbreak the startup scripts 2004-08-19 17:38:47 +00:00
ip_gre.c White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
ip_gre.h de-__P(). 2002-10-16 22:27:27 +00:00
ip_icmp.c White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
ip_icmp.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
ip_id.c White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
ip_input.c Bring back the sysctl 'net.inet.ip.fw.enable' to unbreak the startup scripts 2004-08-19 17:38:47 +00:00
ip_mroute.c When a prison is given the ability to create raw sockets (when the 2004-08-21 17:38:57 +00:00
ip_mroute.h White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
ip_output.c Make the kernel compile again if you are not using PFIL_HOOKS 2004-08-18 00:37:46 +00:00
ip_var.h Convert ipfw to use PFIL_HOOKS. This change is transparent to userland 2004-08-17 22:05:54 +00:00
ip.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
ipprotosw.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
pim_var.h New PIM header files. 2003-08-07 18:17:43 +00:00
pim.h Include <sys/types.h> for autoconf/automake detection. 2004-03-08 07:45:32 +00:00
raw_ip.c When a prison is given the ability to create raw sockets (when the 2004-08-21 17:38:57 +00:00
tcp_debug.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
tcp_debug.h White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
tcp_fsm.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
tcp_hostcache.c White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
tcp_input.c Convert ipfw to use PFIL_HOOKS. This change is transparent to userland 2004-08-17 22:05:54 +00:00
tcp_output.c White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
tcp_reass.c Convert ipfw to use PFIL_HOOKS. This change is transparent to userland 2004-08-17 22:05:54 +00:00
tcp_sack.c Convert ipfw to use PFIL_HOOKS. This change is transparent to userland 2004-08-17 22:05:54 +00:00
tcp_seq.h Add support for TCP Selective Acknowledgements. The work for this 2004-06-23 21:04:37 +00:00
tcp_subr.c For IPv6 access pointer to tcpcb only after we have checked it is valid. 2004-08-19 20:16:17 +00:00
tcp_syncache.c White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
tcp_timer.c White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
tcp_timer.h White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
tcp_timewait.c For IPv6 access pointer to tcpcb only after we have checked it is valid. 2004-08-19 20:16:17 +00:00
tcp_usrreq.c White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
tcp_var.h White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
tcp.h White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
tcpip.h White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
udp_usrreq.c When prepending space onto outgoing UDP datagram payloads to hold the 2004-08-21 16:14:04 +00:00
udp_var.h White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
udp.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00