d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use the credential authorizing the socket creation operation to perform

Browse Source 
the jail check and the MAC socket labeling in socreate().  This handles
socket creation using a cached credential better (such as in the NFS
client code when rebuilding a socket following a disconnect: the new
socket should be created using the nfsmount cached cred, not the cred
of the thread causing the socket to be rebuilt).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
This commit is contained in:
rwatson 2002-08-12 16:49:03 +00:00
parent 7a27007bbb
commit f8156b93ee
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sys/kern/uipc_socket.c
View File

@ -177,7 +177,7 @@ socreate(dom, aso, type, proto, cred, td)
if (prp == 0 || prp->pr_usrreqs->pru_attach == 0)
return (EPROTONOSUPPORT);
if (jailed(td->td_ucred) && jail_socket_unixiproute_only &&
if (jailed(cred) && jail_socket_unixiproute_only &&
prp->pr_domain->dom_family != PF_LOCAL &&
prp->pr_domain->dom_family != PF_INET &&
prp->pr_domain->dom_family != PF_ROUTE) {
@ -196,7 +196,7 @@ socreate(dom, aso, type, proto, cred, td)
so->so_cred = crhold(cred);
so->so_proto = prp;
#ifdef MAC
mac_create_socket(td->td_ucred, so);
mac_create_socket(cred, so);
#endif
soref(so);
error = (*prp->pr_usrreqs->pru_attach)(so, proto, td);