From 5e0e427494ebd31520771a748a27b13465ee0367 Mon Sep 17 00:00:00 2001 From: dlg Date: Mon, 12 Oct 2015 10:49:40 +0000 Subject: [PATCH] protect SIOCSLIFPHYTTL, SIOCSVNETID so only root can call them, and return EPNOTSUPP for SIOCGLIFPHYTTL and SIOCGVNETID. all so drivers dont have to do these checks themselves. ok mikeb@ mpi@ --- sys/net/if.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/sys/net/if.c b/sys/net/if.c index 6aeeb077294..9ed60acb717 100644 --- a/sys/net/if.c +++ b/sys/net/if.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if.c,v 1.386 2015/10/08 09:51:00 mpi Exp $ */ +/* $OpenBSD: if.c,v 1.387 2015/10/12 10:49:40 dlg Exp $ */ /* $NetBSD: if.c,v 1.35 1996/05/07 05:26:04 thorpej Exp $ */ /* @@ -1809,9 +1809,11 @@ ifioctl(struct socket *so, u_long cmd, caddr_t data, struct proc *p) #endif case SIOCSLIFPHYADDR: case SIOCSLIFPHYRTABLE: + case SIOCSLIFPHYTTL: case SIOCADDMULTI: case SIOCDELMULTI: case SIOCSIFMEDIA: + case SIOCSVNETID: if ((error = suser(p, 0)) != 0) return (error); /* FALLTHROUGH */ @@ -1819,7 +1821,9 @@ ifioctl(struct socket *so, u_long cmd, caddr_t data, struct proc *p) case SIOCGIFPDSTADDR: case SIOCGLIFPHYADDR: case SIOCGLIFPHYRTABLE: + case SIOCGLIFPHYTTL: case SIOCGIFMEDIA: + case SIOCGVNETID: if (ifp->if_ioctl == 0) return (EOPNOTSUPP); error = (*ifp->if_ioctl)(ifp, cmd, data); -- 2.20.1