Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/net Check for authorization for SIOCSDRVSPEC and SIOCGDR...
details: https://anonhg.NetBSD.org/src/rev/4abff784d694
branches: trunk
changeset: 372921:4abff784d694
user: jakllsch <jakllsch%NetBSD.org@localhost>
date: Thu Jan 05 02:38:51 2023 +0000
description:
Check for authorization for SIOCSDRVSPEC and SIOCGDRVSPEC ioctls for wg(4).
Addresses PR 57161.
diffstat:
sys/net/if_wg.c | 16 ++++++++++++++--
1 files changed, 14 insertions(+), 2 deletions(-)
diffs (44 lines):
diff -r 503e6cd7ab81 -r 4abff784d694 sys/net/if_wg.c
--- a/sys/net/if_wg.c Wed Jan 04 13:43:36 2023 +0000
+++ b/sys/net/if_wg.c Thu Jan 05 02:38:51 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: if_wg.c,v 1.71 2022/11/04 09:00:58 ozaki-r Exp $ */
+/* $NetBSD: if_wg.c,v 1.72 2023/01/05 02:38:51 jakllsch Exp $ */
/*
* Copyright (C) Ryota Ozaki <ozaki.ryota%gmail.com@localhost>
@@ -41,7 +41,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.71 2022/11/04 09:00:58 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.72 2023/01/05 02:38:51 jakllsch Exp $");
#ifdef _KERNEL_OPT
#include "opt_altq_enabled.h"
@@ -4649,6 +4649,12 @@
}
return error;
case SIOCSDRVSPEC:
+ if (kauth_authorize_network(kauth_cred_get(),
+ KAUTH_NETWORK_INTERFACE,
+ KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, &wg->wg_if,
+ (void *)cmd, NULL) != 0) {
+ return EPERM;
+ }
switch (ifd->ifd_cmd) {
case WG_IOCTL_SET_PRIVATE_KEY:
error = wg_ioctl_set_private_key(wg, ifd);
@@ -4668,6 +4674,12 @@
}
return error;
case SIOCGDRVSPEC:
+ if (kauth_authorize_network(kauth_cred_get(),
+ KAUTH_NETWORK_INTERFACE,
+ KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, &wg->wg_if,
+ (void *)cmd, NULL) != 0) {
+ return EPERM;
+ }
return wg_ioctl_get(wg, ifd);
case SIOCSIFFLAGS:
if ((error = ifioctl_common(ifp, cmd, data)) != 0)
Home |
Main Index |
Thread Index |
Old Index