author | Hajimu UMEMOTO <ume@FreeBSD.org> | 2004-06-02 15:41:18 +0000 |
---|---|---|
committer | Hajimu UMEMOTO <ume@FreeBSD.org> | 2004-06-02 15:41:18 +0000 |
commit | 3c751c1b6c5e423f64b808b8dc15a80b813e23f1 (patch) | |
tree | 55eb7d6e78aa1da7198d2b0fd0d6d9689abccf86 /sys/netinet6 | |
parent | b83effc153f3db454593f7715deef96890c0c481 (diff) | |
download | src-3c751c1b6c5e423f64b808b8dc15a80b813e23f1.tar.gz src-3c751c1b6c5e423f64b808b8dc15a80b813e23f1.zip |
do not check super user privilege in ip6_savecontrol. It is
meaningless and can even be harmful.
Obtained from: KAME
MFC after: 3 days
Notes
Notes:
svn path=/head/; revision=130002
Diffstat (limited to 'sys/netinet6')
-rw-r--r-- | sys/netinet6/ip6_input.c | 25 |
1 files changed, 5 insertions, 20 deletions
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index 0fa9a7b58696..4eb60425763a 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -1107,13 +1107,8 @@ ip6_savecontrol(in6p, m, mp)
 struct mbuf *m, **mp;
 {
 #define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y))
- struct thread *td = curthread; /* XXX */
- int privileged = 0;
 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
- if (td && !suser(td))
- privileged++;
-
 #ifdef SO_TIMESTAMP
 if ((in6p->in6p_socket->so_options & SO_TIMESTAMP) != 0) {
 struct timeval tv;
@@ -1169,16 +1164,13 @@ ip6_savecontrol(in6p, m, mp)
 }
 /*
- * IPV6_HOPOPTS socket option. We require super-user privilege
- * for the option, but it might be too strict, since there might
- * be some hop-by-hop options which can be returned to normal user.
- * See RFC 2292 section 6.
+ * IPV6_HOPOPTS socket option. Recall that we required super-user
+ * privilege for the option (see ip6_ctloutput), but it might be too
+ * strict, since there might be some hop-by-hop options which can be
+ * returned to normal user.
+ * See also RFC 2292 section 6 (or RFC 3542 section 8).
 */
 if ((in6p->in6p_flags & IN6P_HOPOPTS) != 0) {
-#ifdef DIAGNOSTIC
- if (!privileged)
- panic("IN6P_HOPOPTS is set for unprivileged socket");
-#endif
 /*
 * Check if a hop-by-hop options header is contatined in the
 * received packet, and if so, store the options as ancillary
@@ -1294,13 +1286,6 @@ ip6_savecontrol(in6p, m, mp)
 if (!(in6p->in6p_flags & IN6P_DSTOPTS))
 break;
- /*
- * We also require super-user privilege for
- * the option. See comments on IN6_HOPOPTS.
- */
- if (!privileged)
- break;
-
 *mp = sbcreatecontrol((caddr_t)ip6e, elen, IS2292(IPV6_2292DSTOPTS, IPV6_DSTOPTS), IPPROTO_IPV6); |
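Review bot: The rewritten IPV6_HOPOPTS comment points to ip6_ctloutput for the privilege requirement, but nothing at the IN6P_DSTOPTS site in the last hunk does, so once `if (!privileged) break;` is gone a reader cannot tell where delivery of destination options is authorized. With the receive-time checks removed, the `in6p_flags` bits are the only gate in this function, and the setsockopt-side check is outside this diff, so it is worth confirming that ip6_ctloutput requires privilege for both the RFC 2292 and the RFC 3542 form of each option. I would add `/* Privilege is checked when the option is set (see ip6_ctloutput), not here. */` above the DSTOPTS `sbcreatecontrol` call, and have the HOPOPTS comment say why no check is made at this point; presumably `curthread` in the input path is not the socket's owner, which would explain why the old test was meaningless. The body of ip6_savecontrol continues outside both hunks.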