Convert three new suser(9) calls introduced between when the priv(9)

patch was prepared and committed to priv(9) calls.  Add XXX comments
as, in each case, the semantics appear to differ from the TCP/UDP
versions of the calls with respect to jail, and because cr_canseecred()
is not used to validate the query.

Obtained from:	TrustedBSD Project

1 files changed, 8 insertions, 1 deletions

diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c
index 63097a84e90e..25d639f678c8 100644
--- a/sys/netinet/sctp_usrreq.c
+++ b/sys/netinet/sctp_usrreq.c
@@ -46,6 +46,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
 #include <sys/domain.h>
+#include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/protosw.h>
 #include <sys/socket.h>
@@ -488,9 +489,15 @@ sctp_getcred(SYSCTL_HANDLER_ARGS)
 	struct sctp_tcb *stcb;
 	int error, s;
 
-	error = suser(req->td);
+	/*
+	 * XXXRW: Other instances of getcred use SUSER_ALLOWJAIL, as socket
+	 * visibility is scoped using cr_canseesocket(), which it is not
+	 * here.
+	 */
+	error = priv_check_cred(req->td->td_ucred, PRIV_NETINET_GETCRED, 0);
 	if (error)
 		return (error);
+
 	error = SYSCTL_IN(req, addrs, sizeof(addrs));
 	if (error)
 		return (error);