aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorColin Percival <cperciva@FreeBSD.org>2004-06-07 17:44:44 +0000
committerColin Percival <cperciva@FreeBSD.org>2004-06-07 17:44:44 +0000
commit87aef775a7551631bcce0760ae2f4228511faa64 (patch)
tree61753862e98387c6d90cb60749916dd0e32f55b7
parentd11561ecdcf51a511ea933b570467201ddf2cd29 (diff)
downloadsrc-87aef775a7551631bcce0760ae2f4228511faa64.tar.gz
src-87aef775a7551631bcce0760ae2f4228511faa64.zip
FreeBSD-SA-04:12.jailroute:
MFS revision 1.44.2.13 of sys/net/rtsock.c Bump newvers.sh and document in UPDATING. Approved by: so (des)
Notes
Notes: svn path=/releng/4.9/; revision=130197
-rw-r--r--UPDATING4
-rw-r--r--sys/conf/newvers.sh2
-rw-r--r--sys/net/rtsock.c4
3 files changed, 7 insertions, 3 deletions
diff --git a/UPDATING b/UPDATING
index 612cc55cfbe2..6557f2b74a04 100644
--- a/UPDATING
+++ b/UPDATING
@@ -17,6 +17,10 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20040607: p10 FreeBSD-SA-04:12.jailroute
+ Correct a user validation error which could allow a jailed
+ super-user to manipulate routing tables.
+
20040526: p9 FreeBSD-SA-04:11.msync
Fix a bug in msync(2) which could cause it to discard dirty
pages.
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index 9af8a402aa7c..a39b8eaec584 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -36,7 +36,7 @@
TYPE="FreeBSD"
REVISION="4.9"
-BRANCH="RELEASE-p9"
+BRANCH="RELEASE-p10"
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"
diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c
index 9e02f3d50b8d..f2065862697e 100644
--- a/sys/net/rtsock.c
+++ b/sys/net/rtsock.c
@@ -330,8 +330,8 @@ route_output(m, so)
* Verify that the caller has the appropriate privilege; RTM_GET
* is the only operation the non-superuser is allowed.
*/
- if (rtm->rtm_type != RTM_GET && suser_xxx(so->so_cred, NULL, 0) != 0)
- senderr(EPERM);
+ if (rtm->rtm_type != RTM_GET && (error = suser(curproc)) != 0)
+ senderr(error);
switch (rtm->rtm_type) {