Use the current process's credentials rather than socket's cached.

If the process drops its super-user privileges, we certainly don't want to allow it to modify routing tables. Discussed with: rwatson
2001-09-20 08:25:25 +00:00 · 2001-09-20 08:25:25 +00:00 · ad8cb244ec
commit ad8cb244ec
parent 8b6fdd5792
1 changed files with 2 additions and 2 deletions
--- a/sys/net/rtsock.c
+++ b/sys/net/rtsock.c
@ -331,8 +331,8 @@ route_output(m, so)
 	 * Verify that the caller has the appropriate privilege; RTM_GET
 	 * is the only operation the non-superuser is allowed.
 	 */
-	if (rtm->rtm_type != RTM_GET && suser_xxx(so->so_cred, NULL, 0) != 0)
-		senderr(EPERM);
+	if (rtm->rtm_type != RTM_GET && (error = suser(curproc)) != 0)
+		senderr(error);

 	switch (rtm->rtm_type) {