Restrict arp, ndp and theoretically the FIB listing (if not
read with libkvm) to the addresses of a prison, when inside a jail. [1] As the patch from the PR was pre-'new-arp', add checks to the llt_dump handlers as well. While touching RTM_GET in route_output(), consistently use curthread credentials rather than the creds from the socket there. [2] PR: kern/68189 Submitted by: Mark Delany <sxcg2-fuwxj@qmda.emu.st> [1] Discussed with: rwatson [2] Reviewed by: rwatson MFC after: 4 weeks
This commit is contained in:
parent
cfaeba1821
commit
ffd2421407
@ -611,6 +611,12 @@ route_output(struct mbuf *m, struct socket *so)
|
||||
case RTM_GET:
|
||||
report:
|
||||
RT_LOCK_ASSERT(rt);
|
||||
if (jailed(curthread->td_ucred) &&
|
||||
((rt->rt_flags & RTF_HOST) == 0 ||
|
||||
!prison_if(curthread->td_ucred, rt_key(rt)))) {
|
||||
RT_UNLOCK(rt);
|
||||
senderr(ESRCH);
|
||||
}
|
||||
info.rti_info[RTAX_DST] = rt_key(rt);
|
||||
info.rti_info[RTAX_GATEWAY] = rt->rt_gateway;
|
||||
info.rti_info[RTAX_NETMASK] = rt_mask(rt);
|
||||
@ -620,10 +626,10 @@ route_output(struct mbuf *m, struct socket *so)
|
||||
if (ifp) {
|
||||
info.rti_info[RTAX_IFP] =
|
||||
ifp->if_addr->ifa_addr;
|
||||
if (jailed(so->so_cred)) {
|
||||
if (jailed(curthread->td_ucred)) {
|
||||
error = rtm_get_jailed(
|
||||
&info, ifp, rt, &saun,
|
||||
so->so_cred);
|
||||
curthread->td_ucred);
|
||||
if (error != 0) {
|
||||
RT_UNLOCK(rt);
|
||||
senderr(ESRCH);
|
||||
@ -1256,6 +1262,10 @@ sysctl_dumpentry(struct radix_node *rn, void *vw)
|
||||
|
||||
if (w->w_op == NET_RT_FLAGS && !(rt->rt_flags & w->w_arg))
|
||||
return 0;
|
||||
if (jailed(w->w_req->td->td_ucred) &&
|
||||
((rt->rt_flags & RTF_HOST) == 0 ||
|
||||
!prison_if(w->w_req->td->td_ucred, rt_key(rt))))
|
||||
return (0);
|
||||
bzero((caddr_t)&info, sizeof(info));
|
||||
info.rti_info[RTAX_DST] = rt_key(rt);
|
||||
info.rti_info[RTAX_GATEWAY] = rt->rt_gateway;
|
||||
|
@ -1201,6 +1201,10 @@ in_lltable_dump(struct lltable *llt, struct sysctl_req *wr)
|
||||
/* skip deleted entries */
|
||||
if ((lle->la_flags & (LLE_DELETED|LLE_VALID)) != LLE_VALID)
|
||||
continue;
|
||||
/* Skip if jailed and not a valid IP of the prison. */
|
||||
if (jailed(wr->td->td_ucred) &&
|
||||
!prison_if(wr->td->td_ucred, L3_ADDR(lle)))
|
||||
continue;
|
||||
/*
|
||||
* produce a msg made of:
|
||||
* struct rt_msghdr;
|
||||
|
@ -2240,6 +2240,10 @@ in6_lltable_dump(struct lltable *llt, struct sysctl_req *wr)
|
||||
/* skip deleted or invalid entries */
|
||||
if ((lle->la_flags & (LLE_DELETED|LLE_VALID)) != LLE_VALID)
|
||||
continue;
|
||||
/* Skip if jailed and not a valid IP of the prison. */
|
||||
if (jailed(wr->td->td_ucred) &&
|
||||
!prison_if(wr->td->td_ucred, L3_ADDR(lle)))
|
||||
continue;
|
||||
/*
|
||||
* produce a msg made of:
|
||||
* struct rt_msghdr;
|
||||
|
Loading…
Reference in New Issue
Block a user