Add net.inet.{tcp,udp}.rootonly sysctl, to mark which ports

cannot be bound to by non-root users. Ok millert@ bluhm@
author: vgross <vgross@openbsd.org> 2016-06-18 10:36:13 +0000
committer: vgross <vgross@openbsd.org> 2016-06-18 10:36:13 +0000
commit: 05a599d3fd72a3593ac753624dfa633d9f297ca3 (patch)
tree: 42650519fd9a205e441b8a79ce019358eefaa75f /sys/netinet/udp_usrreq.c
parent: Stop setting the 4-bit mode capability flag for now. (diff)
download: wireguard-openbsd-05a599d3fd72a3593ac753624dfa633d9f297ca3.tar.xz
wireguard-openbsd-05a599d3fd72a3593ac753624dfa633d9f297ca3.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index d5fa4165098..fb64c11dc4e 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: udp_usrreq.c,v 1.212 2016/06/15 16:06:35 vgross Exp $	*/
+/*	$OpenBSD: udp_usrreq.c,v 1.213 2016/06/18 10:36:13 vgross Exp $	*/
 /*	$NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $	*/
 
 /*
@@ -1276,6 +1276,12 @@ udp_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
 		return (sysctl_struct(oldp, oldlenp, newp, newlen,
 		    baddynamicports.udp, sizeof(baddynamicports.udp)));
 
+	case UDPCTL_ROOTONLY:
+		if (newp && securelevel > 0)
+			return (EPERM);
+		return (sysctl_struct(oldp, oldlenp, newp, newlen,
+		    rootonlyports.udp, sizeof(rootonlyports.udp)));
+
 	case UDPCTL_STATS:
 		if (newp != NULL)
 			return (EPERM);
author	vgross <vgross@openbsd.org>	2016-06-18 10:36:13 +0000
committer	vgross <vgross@openbsd.org>	2016-06-18 10:36:13 +0000
commit	05a599d3fd72a3593ac753624dfa633d9f297ca3 (patch)
tree	42650519fd9a205e441b8a79ce019358eefaa75f /sys/netinet/udp_usrreq.c
parent	Stop setting the 4-bit mode capability flag for now. (diff)
download	wireguard-openbsd-05a599d3fd72a3593ac753624dfa633d9f297ca3.tar.xz wireguard-openbsd-05a599d3fd72a3593ac753624dfa633d9f297ca3.zip