authorderaadt <deraadt@openbsd.org>2015-10-08 13:21:06 +0000
committerderaadt <deraadt@openbsd.org>2015-10-08 13:21:06 +0000
commit4062be089a687045c379bafe511bba4a87d651da (patch)
treec7c2b97d0cde9bcb5a9c1b12ee25e9bb2872b7af
parentthe -P flag overwrites files, so it needs tame "stdio rpath wpath cpath". (diff)
Only in TAME_ROUTE, allow ioctl SIOCGIFADDR/SIOCGIFFLAGS/SIOCGIFRDOMAIN,
because many routing daemon processes with this attribute need to fetch that information to work. discussed with claudio and renato
-rw-r--r--sys/kern/kern_tame.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/sys/kern/kern_tame.c b/sys/kern/kern_tame.c
index ccd26b1b58e..fc36a710d05 100644
--- a/sys/kern/kern_tame.c
+++ b/sys/kern/kern_tame.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_tame.c,v 1.67 2015/10/07 19:52:54 deraadt Exp $ */
+/* $OpenBSD: kern_tame.c,v 1.68 2015/10/08 13:21:06 deraadt Exp $ */
/*
* Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -1040,6 +1040,17 @@ tame_ioctl_check(struct proc *p, long com, void *v)
}
}
+ if ((p->p_p->ps_tame & TAME_ROUTE)) {
+ switch (com) {
+ case SIOCGIFADDR:
+ case SIOCGIFFLAGS:
+ case SIOCGIFRDOMAIN:
+ if (fp->f_type == DTYPE_SOCKET)
+ return (0);
+ break;
+ }
+ }
+
if ((p->p_p->ps_tame & TAME_TTY)) {
switch (com) {
case TIOCSPGRP:
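Review bot: The new TAME_ROUTE branch widens the ioctl allowlist of a sandboxed process but carries no comment saying why these three requests are acceptable, so a later reader cannot tell that only read-only queries were meant to pass. A comment above the `switch (com)` such as `/* routing daemons need to read interface address, flags and rdomain; get-only requests, on sockets only */` would record that intent and make it clear that the corresponding set requests are to stay denied. The `fp->f_type == DTYPE_SOCKET` test relies on `fp` being looked up earlier in tame_ioctl_check, which starts before this hunk and continues past it, so that lookup cannot be checked from here.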