Add a super-user check to ipfw_ctl() to make sure that the calling

process is a non-prison root. The security.jail.allow_raw_sockets sysctl variable is disabled by default, however if the user enables raw sockets in prisons, prison-root should not be able to interact with firewall rule sets. Approved by: rwatson, bmilekic (mentor)
2004-05-25 15:02:12 +00:00 · 2004-05-25 15:02:12 +00:00 · b5ef991561
commit b5ef991561
parent 478aa80510
1 changed files with 4 additions and 0 deletions
--- a/sys/netinet/ip_fw2.c
+++ b/sys/netinet/ip_fw2.c
@ -2778,6 +2778,10 @@ ipfw_ctl(struct sockopt *sopt)
 	struct ip_fw *buf, *rule;
 	u_int32_t rulenum[2];

+	error = suser(sopt->sopt_td);
+	if (error)
+		return (error);
+
 	/*
 	 * Disallow modifications in really-really secure mode, but still allow
 	 * the logging counters to be reset.