author | 2015-10-08 13:21:06 +0000 | |
---|---|---|
committer | 2015-10-08 13:21:06 +0000 | |
commit | 4062be089a687045c379bafe511bba4a87d651da (patch) | |
tree | c7c2b97d0cde9bcb5a9c1b12ee25e9bb2872b7af | |
parent | the -P flag overwrites files, so it needs tame "stdio rpath wpath cpath". (diff) | |
download | wireguard-openbsd-4062be089a687045c379bafe511bba4a87d651da.tar.xz wireguard-openbsd-4062be089a687045c379bafe511bba4a87d651da.zip |
Only in TAME_ROUTE, allow ioctl SIOCGIFADDR/SIOCGIFFLAGS/SIOCGIFRDOMAIN,
because many routing daemon processes with this attribute need to fetch
that information to work.
discussed with claudio and renato
-rw-r--r-- | sys/kern/kern_tame.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/sys/kern/kern_tame.c b/sys/kern/kern_tame.c index ccd26b1b58e..fc36a710d05 100644 --- a/sys/kern/kern_tame.c +++ b/sys/kern/kern_tame.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_tame.c,v 1.67 2015/10/07 19:52:54 deraadt Exp $ */ +/* $OpenBSD: kern_tame.c,v 1.68 2015/10/08 13:21:06 deraadt Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org> @@ -1040,6 +1040,17 @@ tame_ioctl_check(struct proc *p, long com, void *v) } } + if ((p->p_p->ps_tame & TAME_ROUTE)) { + switch (com) { + case SIOCGIFADDR: + case SIOCGIFFLAGS: + case SIOCGIFRDOMAIN: + if (fp->f_type == DTYPE_SOCKET) + return (0); + break; + } + } + if ((p->p_p->ps_tame & TAME_TTY)) { switch (com) { case TIOCSPGRP: |
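Review bot: the new `TAME_ROUTE` block in `tame_ioctl_check()` carries no comment saying why `SIOCGIFADDR`, `SIOCGIFFLAGS` and `SIOCGIFRDOMAIN` are let through. The rationale (routing daemons need to fetch this interface information) exists only in the commit message, and the diffstat shows `sys/kern/kern_tame.c` as the only file touched, so nothing user-facing records the widened allowance either. A one-line comment above the `switch (com)` would help, along with a matching documentation update for this request. Separately, the block reads `fp->f_type`, and the visible context does not show where `fp` is assigned or validated; confirm it is always valid when this check is reached. Restricting the allowance to `DTYPE_SOCKET` and using `break` rather than returning an error, so the later `TAME_TTY` checks still run, looks right.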