Page MenuHomeFreeBSD

traceroute6: Fix rights for rcvsock
ClosedPublic

Authored by markj on Mar 31 2021, 10:41 PM.
Tags
None
Referenced Files
F161484285: D29523.id.diff
Sat, Jul 4, 5:34 AM
F161402441: D29523.id86648.diff
Fri, Jul 3, 11:20 AM
Unknown Object (File)
Fri, Jul 3, 2:33 AM
Unknown Object (File)
Wed, Jul 1, 7:10 AM
Unknown Object (File)
Thu, Jun 18, 3:18 PM
Unknown Object (File)
May 23 2026, 11:53 PM
Unknown Object (File)
May 23 2026, 3:52 PM
Unknown Object (File)
May 21 2026, 6:12 PM
Subscribers

Details

Summary
  • Always use distinct sockets for send and recv
  • Limit rights on the recv socket
  • Limit rights before entering capability mode

For ICMP6 we were using the same socket for both, and we limited rights
on the socket such that it's impossible to receive anything.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

zlei added inline comments.
usr.sbin/traceroute6/traceroute6.c
942

Copy paste typo

947

It looks good entering capability mode before limiting rights. So no need to adjust here.

After addressing @zlei.huang_gmail.com points - LGTM.

markj marked an inline comment as done.

Address feedback.

This revision was not accepted when it landed; it landed in state Needs Review.Apr 1 2021, 2:01 PM
This revision was automatically updated to reflect the committed changes.