kern/40603: anyone can add/delete link addresses on interfaces

[bad%bsd.de@localhost]

>Number:         40603
>Category:       kern
>Synopsis:       unprivileged users can add and delete interface link addresses
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Feb 10 22:50:00 +0000 2009
>Originator:     Christoph Badura
>Release:        NetBSD 5.99.4
>Organization:
>Environment:
System: NetBSD not-invented-here 5.99.4 NetBSD 5.99.4 (gaol_domu) #13: Tue Feb 
10 22:56:40 CET 2009 bad@not-invented-here:/home/bad/gaol_domu i386
Architecture: i386
Machine: i386
>Description:
        Unprivileged users can add and delete interface link addresses.
        net/link_proto.c:link_control() doesn't check for privileges for
        the SIOCALIFADDR and SIOCDLIFADDR ioctl commands.
>How-To-Repeat:
        int=xennet0
        ifconfig $int link aa:00:23:17:42:ec
        ifconfig $int | grep link
        ifconfig $int link aa:00:23:17:42:ec -alias
        ifconfig $int | grep link
>Fix:
        Add the following code in link_control() after 
        case SIOCDLIFADDR:

                if (l == NULL)
                        return (EPERM);
                if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE,
                    KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
                    NULL) != 0)
                        return (EPERM);
                /*FALLTHROUGH*/

        Or centralize the check in net/if.c:ifioctl().
        The same check is done in netinet/in.c:in_control().