upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Teach route(8) how to deal with root being in a prison. If prison

Browse source 
root is allowed to create raw sockets, then they will be able to create
routing sockets, too.  However prison-root is not able to manipulate
routing tables.  So when route(8) attempts to write to a routing
socket and recieves EPERM from the kernel, exit rather than moving
on with execution.

Approved by:    bmilekic (mentor)
This commit is contained in:
Christian S.J. Peron 2004-05-07 15:33:17 +00:00
parent 912467dc98
commit 9251dd77ca
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
sbin/route/route.c
View file

@ -273,6 +273,8 @@ retry:
rtm->rtm_type = RTM_DELETE;
rtm->rtm_seq = seqno;
rlen = write(s, next, rtm->rtm_msglen);
if (rlen < 0 && errno == EPERM)
err(1, "write to routing socket");
if (rlen < (int)rtm->rtm_msglen) {
warn("write to routing socket");
(void) printf("got only %d for rlen\n", rlen);
@ -1223,6 +1225,8 @@ rtmsg(cmd, flags)
if (debugonly)
return (0);
if ((rlen = write(s, (char *)&m_rtmsg, l)) < 0) {
if (errno == EPERM)
err(1, "writing to routing socket");
warn("writing to routing socket");
return (-1);
}