aboutsummaryrefslogtreecommitdiff
path: root/sys/netinet6
diff options
context:
space:
mode:
authorHajimu UMEMOTO <ume@FreeBSD.org>2004-06-02 15:41:18 +0000
committerHajimu UMEMOTO <ume@FreeBSD.org>2004-06-02 15:41:18 +0000
commit3c751c1b6c5e423f64b808b8dc15a80b813e23f1 (patch)
tree55eb7d6e78aa1da7198d2b0fd0d6d9689abccf86 /sys/netinet6
parentb83effc153f3db454593f7715deef96890c0c481 (diff)
downloadsrc-3c751c1b6c5e423f64b808b8dc15a80b813e23f1.tar.gz
src-3c751c1b6c5e423f64b808b8dc15a80b813e23f1.zip
do not check super user privilege in ip6_savecontrol. It is
meaningless and can even be harmful. Obtained from: KAME MFC after: 3 days
Notes
Notes: svn path=/head/; revision=130002
Diffstat (limited to 'sys/netinet6')
-rw-r--r--sys/netinet6/ip6_input.c25
1 files changed, 5 insertions, 20 deletions
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index 0fa9a7b58696..4eb60425763a 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -1107,13 +1107,8 @@ ip6_savecontrol(in6p, m, mp)
struct mbuf *m, **mp;
{
#define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y))
- struct thread *td = curthread; /* XXX */
- int privileged = 0;
struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
- if (td && !suser(td))
- privileged++;
-
#ifdef SO_TIMESTAMP
if ((in6p->in6p_socket->so_options & SO_TIMESTAMP) != 0) {
struct timeval tv;
@@ -1169,16 +1164,13 @@ ip6_savecontrol(in6p, m, mp)
}
/*
- * IPV6_HOPOPTS socket option. We require super-user privilege
- * for the option, but it might be too strict, since there might
- * be some hop-by-hop options which can be returned to normal user.
- * See RFC 2292 section 6.
+ * IPV6_HOPOPTS socket option. Recall that we required super-user
+ * privilege for the option (see ip6_ctloutput), but it might be too
+ * strict, since there might be some hop-by-hop options which can be
+ * returned to normal user.
+ * See also RFC 2292 section 6 (or RFC 3542 section 8).
*/
if ((in6p->in6p_flags & IN6P_HOPOPTS) != 0) {
-#ifdef DIAGNOSTIC
- if (!privileged)
- panic("IN6P_HOPOPTS is set for unprivileged socket");
-#endif
/*
* Check if a hop-by-hop options header is contatined in the
* received packet, and if so, store the options as ancillary
@@ -1294,13 +1286,6 @@ ip6_savecontrol(in6p, m, mp)
if (!(in6p->in6p_flags & IN6P_DSTOPTS))
break;
- /*
- * We also require super-user privilege for
- * the option. See comments on IN6_HOPOPTS.
- */
- if (!privileged)
- break;
-
*mp = sbcreatecontrol((caddr_t)ip6e, elen,
IS2292(IPV6_2292DSTOPTS, IPV6_DSTOPTS),
IPPROTO_IPV6);