diff options
| author | David Malone <dwmalone@FreeBSD.org> | 2001-06-24 12:18:27 +0000 |
|---|---|---|
| committer | David Malone <dwmalone@FreeBSD.org> | 2001-06-24 12:18:27 +0000 |
| commit | 7ce87f1205148687e198a55d16415bb3e08bb6be (patch) | |
| tree | 8477270619bea510dd797ce0687af53dddef512b /sys/netinet/tcp_subr.c | |
| parent | 5e209ca776278f32b68d1cc5e3344c7cfcb72c30 (diff) | |
Notes
Diffstat (limited to 'sys/netinet/tcp_subr.c')
| -rw-r--r-- | sys/netinet/tcp_subr.c | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index a706056a24a7..221e54120a2d 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -900,7 +900,7 @@ tcp_getcred(SYSCTL_HANDLER_ARGS) struct inpcb *inp; int error, s; - error = suser(req->p); + error = suser_xxx(0, req->p, PRISON_ROOT); if (error) return (error); error = SYSCTL_IN(req, addrs, sizeof(addrs)); @@ -913,6 +913,9 @@ tcp_getcred(SYSCTL_HANDLER_ARGS) error = ENOENT; goto out; } + error = u_cansee(req->p->p_ucred, inp->inp_socket->so_cred); + if (error) + goto out; bzero(&xuc, sizeof(xuc)); xuc.cr_uid = inp->inp_socket->so_cred->cr_uid; xuc.cr_ngroups = inp->inp_socket->so_cred->cr_ngroups; @@ -924,8 +927,9 @@ out: return (error); } -SYSCTL_PROC(_net_inet_tcp, OID_AUTO, getcred, CTLTYPE_OPAQUE|CTLFLAG_RW, - 0, 0, tcp_getcred, "S,xucred", "Get the xucred of a TCP connection"); +SYSCTL_PROC(_net_inet_tcp, OID_AUTO, getcred, + CTLTYPE_OPAQUE|CTLFLAG_RW|CTLFLAG_PRISON, 0, 0, + tcp_getcred, "S,xucred", "Get the xucred of a TCP connection"); #ifdef INET6 static int @@ -936,7 +940,7 @@ tcp6_getcred(SYSCTL_HANDLER_ARGS) struct inpcb *inp; int error, s, mapped = 0; - error = suser(req->p); + error = suser_xxx(0, req->p, PRISON_ROOT); if (error) return (error); error = SYSCTL_IN(req, addrs, sizeof(addrs)); @@ -965,6 +969,9 @@ tcp6_getcred(SYSCTL_HANDLER_ARGS) error = ENOENT; goto out; } + error = u_cansee(req->p->p_ucred, inp->inp_socket->so_cred); + if (error) + goto out; bzero(&xuc, sizeof(xuc)); xuc.cr_uid = inp->inp_socket->so_cred->cr_uid; xuc.cr_ngroups = inp->inp_socket->so_cred->cr_ngroups; @@ -976,9 +983,9 @@ out: return (error); } -SYSCTL_PROC(_net_inet6_tcp6, OID_AUTO, getcred, CTLTYPE_OPAQUE|CTLFLAG_RW, - 0, 0, - tcp6_getcred, "S,xucred", "Get the xucred of a TCP6 connection"); +SYSCTL_PROC(_net_inet6_tcp6, OID_AUTO, getcred, + CTLTYPE_OPAQUE|CTLFLAG_RW|CTLFLAG_PRISON, 0, 0, + tcp6_getcred, "S,xucred", "Get the xucred of a TCP6 connection"); #endif |