From 9251dd77ca2b07aef32bbb4776a15e817f12cfe0 Mon Sep 17 00:00:00 2001
From: "Christian S.J. Peron"
Date: Fri, 7 May 2004 15:33:17 +0000
Subject: [PATCH] Teach route(8) how to deal with root being in a prison. If prison root is allowed to create raw sockets, then they will be able to create routing sockets, too. However prison-root is not able to manipulate routing tables. So when route(8) attempts to write to a routing socket and recieves EPERM from the kernel, exit rather than moving on with execution. Approved by: bmilekic (mentor)
---
 sbin/route/route.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/sbin/route/route.c b/sbin/route/route.c
index dcd1ddcaefba..474ac725efb2 100644
--- a/sbin/route/route.c
+++ b/sbin/route/route.c
@@ -273,6 +273,8 @@ retry:
 rtm->rtm_type = RTM_DELETE;
 rtm->rtm_seq = seqno;
 rlen = write(s, next, rtm->rtm_msglen);
+ if (rlen < 0 && errno == EPERM)
+ err(1, "write to routing socket");
 if (rlen < (int)rtm->rtm_msglen) {
 warn("write to routing socket");
 (void) printf("got only %d for rlen\n", rlen);
@@ -1223,6 +1225,8 @@ rtmsg(cmd, flags)
 if (debugonly)
 return (0);
 if ((rlen = write(s, (char *)&m_rtmsg, l)) < 0) {
+ if (errno == EPERM)
+ err(1, "writing to routing socket");
 warn("writing to routing socket");
 return (-1);
 }
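Review bot: The new EPERM check after `write(s, next, rtm->rtm_msglen)` carries no comment saying why this one errno is fatal while every other write failure at the same spot is only warned about. The `errno == EPERM` check added to rtmsg() in the second hunk has the same gap. The reason is given only in the commit message (a jailed root may be able to open a routing socket, but the kernel refuses table changes), and it belongs next to the code, e.g. `/* EPERM (e.g. jailed root): the kernel will refuse every write on this socket, so exit instead of warning and continuing. */`. The enclosing function starts and ends outside the hunk.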
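Review bot: rtmsg() now has a path that never returns: a write that fails with EPERM ends the process through `err(1, "writing to routing socket")`, where every other failed write still warns and does `return (-1)`. The callers are not visible in this hunk, so this is presumably intended, but any caller that reports or cleans up after a -1 return is skipped on this path. The function's header comment should record the new contract, e.g. `/* Does not return if the write fails with EPERM; exits via err(3). */`. rtmsg()'s body begins and ends outside the hunk.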