Add net.inet.{tcp,udp}.rootonly sysctl, to mark which ports

cannot be bound to by non-root users. Ok millert@ bluhm@
author: vgross <vgross@openbsd.org> 2016-06-18 10:36:13 +0000
committer: vgross <vgross@openbsd.org> 2016-06-18 10:36:13 +0000
commit: 05a599d3fd72a3593ac753624dfa633d9f297ca3 (patch)
tree: 42650519fd9a205e441b8a79ce019358eefaa75f /sys/netinet/tcp_usrreq.c
parent: Stop setting the 4-bit mode capability flag for now. (diff)
download: wireguard-openbsd-05a599d3fd72a3593ac753624dfa633d9f297ca3.tar.xz
wireguard-openbsd-05a599d3fd72a3593ac753624dfa633d9f297ca3.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c
index 1cb805eb715..964e330b405 100644
--- a/sys/netinet/tcp_usrreq.c
+++ b/sys/netinet/tcp_usrreq.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tcp_usrreq.c,v 1.130 2016/03/29 18:13:20 bluhm Exp $	*/
+/*	$OpenBSD: tcp_usrreq.c,v 1.131 2016/06/18 10:36:13 vgross Exp $	*/
 /*	$NetBSD: tcp_usrreq.c,v 1.20 1996/02/13 23:44:16 christos Exp $	*/
 
 /*
@@ -885,6 +885,12 @@ tcp_sysctl(name, namelen, oldp, oldlenp, newp, newlen)
 		return (sysctl_struct(oldp, oldlenp, newp, newlen,
 		    baddynamicports.tcp, sizeof(baddynamicports.tcp)));
 
+	case TCPCTL_ROOTONLY:
+		if (newp && securelevel > 0)
+			return (EPERM);
+		return (sysctl_struct(oldp, oldlenp, newp, newlen,
+		    rootonlyports.tcp, sizeof(rootonlyports.tcp)));
+
 	case TCPCTL_IDENT:
 		return (tcp_ident(oldp, oldlenp, newp, newlen, 0));
author	vgross <vgross@openbsd.org>	2016-06-18 10:36:13 +0000
committer	vgross <vgross@openbsd.org>	2016-06-18 10:36:13 +0000
commit	05a599d3fd72a3593ac753624dfa633d9f297ca3 (patch)
tree	42650519fd9a205e441b8a79ce019358eefaa75f /sys/netinet/tcp_usrreq.c
parent	Stop setting the 4-bit mode capability flag for now. (diff)
download	wireguard-openbsd-05a599d3fd72a3593ac753624dfa633d9f297ca3.tar.xz wireguard-openbsd-05a599d3fd72a3593ac753624dfa633d9f297ca3.zip