cvs commit: src/sys/netinet raw_ip.c

Matthew Dillon dillon at apollo.backplane.com
Sat Jul 5 11:31:16 PDT 2008


:>     sys/netinet          raw_ip.c 
:>   Log:
:>   Fix [gs]etsockopt(IP_HDRINCL) which allows mere mortals like me to obtain
:>   IP addresses via DHCP again.
:
:Great. Only, it turns out the whole approach is flawed. Setting sopt_td to
:NULL may help with fooling sooptcopy{in,out} but some code uses the field
:to do permission checks. The obvious fix is to add ->sopt_flags and SOPTF_KVA
:and make sure no code in the tree leaves the new field uninitialized (lecture
:on why open-coding stuff is BAD ommitted). This means that soopt_{from,to}_*
:can go. This patch should do the trick; unless testing reveals some issue
:I'm going to revert my changes from HEAD and put it in ASAP so it can get
:wider testing before the release.
:
:Sorry for the inconvenience,
:Aggelos

    It kinda sounds to me that the front-end system call should do all the
    copyin/copyout into and out of kernel space and the backend protocol
    code should just operate in the kernel space.  The system call can
    pass a ucred to the backend for permissions checks.

    That would be more along the lines of what we do with our kern_*()
    calls.

						-Matt





More information about the Commits mailing list