cvs commit: src/sys/netinet raw_ip.c
Matthew Dillon
dillon at apollo.backplane.com
Sat Jul 5 11:31:16 PDT 2008
:> sys/netinet raw_ip.c
:> Log:
:> Fix [gs]etsockopt(IP_HDRINCL) which allows mere mortals like me to obtain
:> IP addresses via DHCP again.
:
:Great. Only, it turns out the whole approach is flawed. Setting sopt_td to
:NULL may help with fooling sooptcopy{in,out} but some code uses the field
:to do permission checks. The obvious fix is to add ->sopt_flags and SOPTF_KVA
:and make sure no code in the tree leaves the new field uninitialized (lecture
:on why open-coding stuff is BAD ommitted). This means that soopt_{from,to}_*
:can go. This patch should do the trick; unless testing reveals some issue
:I'm going to revert my changes from HEAD and put it in ASAP so it can get
:wider testing before the release.
:
:Sorry for the inconvenience,
:Aggelos

It kinda sounds to me that the front-end system call should do all the
copyin/copyout into and out of kernel space and the backend protocol
code should just operate in the kernel space. The system call can
pass a ucred to the backend for permissions checks.

That would be more along the lines of what we do with our kern_*()
calls.

-Matt
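
The split described in the reply above, as an added example that is not part of the original thread or of the DragonFly source: a userspace C model in which the front end does the only user-memory copy and the backend receives a kernel value plus an explicit credential. Every name (`sys_setopt_m`, `kern_setopt_m`, `copyin_m`, the structs) is hypothetical, and the root-only policy is an assumption made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Userspace model: every name here is hypothetical, not a DragonFly symbol. */
struct cred_m { int uid; };                 /* stands in for a ucred */
struct sock_m { int hdrincl; };             /* per-socket option state */

/* Stand-in for copyin(): the only place a user pointer is dereferenced. */
static int copyin_m(const void *uaddr, void *kaddr, size_t len)
{
    if (uaddr == NULL)
        return EFAULT;
    memcpy(kaddr, uaddr, len);
    return 0;
}

/* Backend: sees only kernel memory and an explicit credential. */
static int kern_setopt_m(struct sock_m *so, const struct cred_m *cred,
                         const int *kval)
{
    if (cred == NULL || cred->uid != 0)     /* assumed policy: root only */
        return EPERM;
    so->hdrincl = (*kval != 0);
    return 0;
}

/* Front end: validates the length, copies in, then hands off. */
static int sys_setopt_m(struct sock_m *so, const struct cred_m *cred,
                        const void *uval, size_t ulen)
{
    int kval, error;

    if (ulen != sizeof(kval))
        return EINVAL;
    error = copyin_m(uval, &kval, sizeof(kval));
    if (error != 0)
        return error;
    return kern_setopt_m(so, cred, &kval);
}

/* In-kernel caller: already holds a kernel value, so it skips the front end
 * but still supplies a credential; no field doubles as an address-space tag. */
static int kernel_caller_m(struct sock_m *so, const struct cred_m *cred)
{
    int on = 1;
    return kern_setopt_m(so, cred, &on);
}
```

Because the credential is its own argument, a caller with a kernel buffer cannot reach the backend without one, and a missing credential fails closed with `EPERM`.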