freebsd-nq/sys/net
Christian S.J. Peron 5090559b7f When a prison is given the ability to create raw sockets (when the
security.jail.allow_raw_sockets sysctl MIB is set to 1) where privileged
access to jails is given out, it is possible for prison root to manipulate
various network parameters which affect the host environment. This commit
plugs a number of security holes associated with the use of raw sockets
and prisons.

This commit makes the following changes:

- Add a comment to rtioctl warning developers that if they add
  any ioctl commands, they should use super-user checks where necessary,
  as it is possible for PRISON root to make it this far in execution.
- Add super-user checks for the execution of the SIOCGETVIFCNT
  and SIOCGETSGCNT IP multicast ioctl commands.
- Add a super-user check to rip_ctloutput(). If the calling cred
  is PRISON root, make sure the socket option name is IP_HDRINCL,
  otherwise deny the request.

Although this patch corrects a number of security problems associated
with raw sockets and prisons, the warning in jail(8) should still
apply, and by default we should keep the default value of
security.jail.allow_raw_sockets MIB to 0 (or disabled) until
we are certain that we have tracked down all the problems.

Looking forward, we will probably want to eliminate the
references to curthread.

This may be a MFC candidate for RELENG_5.

Reviewed by:	rwatson
Approved by:	bmilekic (mentor)
2004-08-21 17:38:57 +00:00
..
bpf_compat.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
bpf_filter.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
bpf.c Add locking to the kqueue subsystem. This also makes the kqueue subsystem 2004-08-15 06:24:42 +00:00
bpf.h Make the comment for DLT_NULL slightly more accurate. 2004-05-30 17:03:48 +00:00
bpfdesc.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
bridge.c Convert ipfw to use PFIL_HOOKS. This change is transparent to userland 2004-08-17 22:05:54 +00:00
bridge.h
bsd_comp.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
ethernet.h Add helper functions to calculate the standard ethernet CRC in 2004-06-02 21:34:14 +00:00
fddi.h
firewire.h Fix big-endian build. 2004-06-14 08:17:51 +00:00
if_arc.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
if_arcsubr.c Replace IF_HANDOFF with new IFQ_HANDOFF to enqueue with ALTQ once enabled on 2004-06-15 23:57:42 +00:00
if_arp.h Add a new driver to support IP over firewire. This driver is intended to 2004-06-13 10:54:36 +00:00
if_atm.h Add a device type for virtual interfaces. 2004-01-26 12:13:11 +00:00
if_atmsubr.c This commit does two things: 2004-04-25 09:24:52 +00:00
if_clone.c When removing the last reference to a cloner, do not try to unlock twice - 2004-07-20 21:44:28 +00:00
if_clone.h Major overhaul of pseudo-interface cloning. Highlights include: 2004-06-22 20:13:25 +00:00
if_disc.c Do a pass over all modules in the kernel and make them return EOPNOTSUPP 2004-07-15 08:26:07 +00:00
if_dl.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
if_ef.c Initialize ; variable early to shut up GCC warning. 2004-07-28 06:48:36 +00:00
if_ethersubr.c Add a new network interface flag, IFF_NEEDSGIANT, which will allow 2004-07-27 23:20:45 +00:00
if_faith.c Do a pass over all modules in the kernel and make them return EOPNOTSUPP 2004-07-15 08:26:07 +00:00
if_fddisubr.c Replace IF_HANDOFF with new IFQ_HANDOFF to enqueue with ALTQ once enabled on 2004-06-15 23:57:42 +00:00
if_fwsubr.c Add two missing includes and remove two unneeded. 2004-06-27 09:03:22 +00:00
if_gif.c Do a pass over all modules in the kernel and make them return EOPNOTSUPP 2004-07-15 08:26:07 +00:00
if_gif.h Properly detect loops by recording the interface pointer in an mtag. 2004-04-05 16:55:15 +00:00
if_gre.c Set ip_v field properly. 2004-08-05 08:12:46 +00:00
if_gre.h Lock down global variables in if_gre: 2004-03-22 16:04:43 +00:00
if_iso88025subr.c Replace IF_HANDOFF with new IFQ_HANDOFF to enqueue with ALTQ once enabled on 2004-06-15 23:57:42 +00:00
if_llc.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
if_loop.c Avoid casts as lvalues. 2004-07-28 06:59:55 +00:00
if_media.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
if_media.h Added two new media types for 10GBASE-SR and 10GBASE-LR 2004-08-12 23:48:26 +00:00
if_mib.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
if_mib.h
if_ppp.c Do a pass over all modules in the kernel and make them return EOPNOTSUPP 2004-07-15 08:26:07 +00:00
if_ppp.h
if_pppvar.h
if_sl.c As SLIP directly accesses the tty code from its if_start() routine, 2004-08-06 22:41:13 +00:00
if_slvar.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
if_sppp.h
if_spppsubr.c Do a pass over all modules in the kernel and make them return EOPNOTSUPP 2004-07-15 08:26:07 +00:00
if_stf.c Do a pass over all modules in the kernel and make them return EOPNOTSUPP 2004-07-15 08:26:07 +00:00
if_stf.h
if_tap.c Set IFF_RUNNING flag on the interface as soon as the control device is opened. 2004-08-11 00:12:27 +00:00
if_tap.h
if_tapvar.h Do the dreaded s/dev_t/struct cdev */ 2004-06-16 09:47:26 +00:00
if_tun.c Do a pass over all modules in the kernel and make them return EOPNOTSUPP 2004-07-15 08:26:07 +00:00
if_tun.h
if_types.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
if_var.h Add locking to the kqueue subsystem. This also makes the kqueue subsystem 2004-08-15 06:24:42 +00:00
if_vlan_var.h A network interface driver can support IFCAP_VLAN_MTU only, 2004-01-18 19:29:04 +00:00
if_vlan.c Add locking to the kqueue subsystem. This also makes the kqueue subsystem 2004-08-15 06:24:42 +00:00
if.c Add locking to the kqueue subsystem. This also makes the kqueue subsystem 2004-08-15 06:24:42 +00:00
if.h Add a new network interface flag, IFF_NEEDSGIANT, which will allow 2004-07-27 23:20:45 +00:00
iso88025.h Fix whitespace issues. 2003-03-15 23:55:33 +00:00
net_osdep.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
net_osdep.h - update comments to reflect recent BSDs. 2003-11-04 14:08:31 +00:00
netisr.c Comment clarifying debug_mpsafenet. 2004-07-18 21:50:22 +00:00
netisr.h Introduce a netisr to deliver kernel-generated routing, avoiding 2004-06-09 02:48:23 +00:00
pfil.c o update PFIL_HOOKS support to current API used by netbsd 2003-09-23 17:54:04 +00:00
pfil.h Include <sys/_lock.h>'s prerequisite <sys/queue.h> before including the 2004-06-19 14:58:35 +00:00
pfkeyv2.h Initial import of RFC 2385 (TCP-MD5) digest support. 2004-02-11 04:26:04 +00:00
ppp_comp.h
ppp_deflate.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
ppp_defs.h
ppp_tty.c Preparation commit for the tty cleanups that will follow in the near 2004-07-15 20:47:41 +00:00
radix.c Readability fixes: 2004-04-21 15:27:36 +00:00
radix.h + move MKGet()/MKFree() into the only file that can use them. 2004-04-18 11:48:35 +00:00
raw_cb.c Lock down rawcb_list, a global list of control blocks for raw sockets, 2004-06-15 04:13:59 +00:00
raw_cb.h Lock down rawcb_list, a global list of control blocks for raw sockets, 2004-06-15 04:13:59 +00:00
raw_usrreq.c Lock down rawcb_list, a global list of control blocks for raw sockets, 2004-06-15 04:13:59 +00:00
route.c When a prison is given the ability to create raw sockets (when the 2004-08-21 17:38:57 +00:00
route.h Avoid casts as lvalues. 2004-07-28 06:59:55 +00:00
rtsock.c Use IFQ_SET_MAXLEN() to set the maximum queue depth of the routing 2004-08-13 22:23:21 +00:00
slcompress.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
slcompress.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
slip.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
zlib.c Give zlib the ability to be a module that can be depended on, 2004-06-20 17:42:35 +00:00
zlib.h