privsep: Filter ioctls to a known list.

In-case the master process is broken into.
author: Roy Marples <roy@marples.name> 2020-05-20 18:14:38 +0100
committer: Roy Marples <roy@marples.name> 2020-05-20 18:14:38 +0100
commit: 57b2db8ffc9e88d303e2c140e07be79aa45a35ce (patch)
tree: d54c187e7337494e883a7ceb3381933dd0039a42 /src/privsep-root.c
parent: ce1f59bef3420015ae06ff8f7c04c8f56c320c90 (diff)
download: dhcpcd-57b2db8ffc9e88d303e2c140e07be79aa45a35ce.tar.xz
1 files changed, 21 insertions, 0 deletions
diff --git a/src/privsep-root.c b/src/privsep-root.c
index f511a43f..8232a532 100644
--- a/src/privsep-root.c
+++ b/src/privsep-root.c
@@ -215,6 +215,27 @@ ps_root_doioctl(unsigned long req, void *data, size_t len)
 {
 	int s, err;
 
+	/* Only allow these ioctls */
+	switch(req) {
+#ifdef SIOCAIFADDR
+	case SIOCAIFADDR:	/* FALLTHROUGH */
+	case SIOCDIFADDR:	/* FALLTHROUGH */
+#endif
+#ifdef SIOCSIFHWADDR
+	case SIOCSIFHWADDR:	/* FALLTHROUGH */
+#endif
+#ifdef SIOCGIFPRIORITY
+	case SIOCGIFPRIORITY:	/* FALLTHROUGH */
+#endif
+	case SIOCSIFFLAGS:	/* FALLTHROUGH */
+	case SIOCGIFMTU:	/* FALLTHROUGH */
+	case SIOCSIFMTU:
+		break;
+	default:
+		errno = EPERM;
+		return -1;
+	}
+
 	s = socket(PF_INET, SOCK_DGRAM, 0);
 	if (s != -1)
 #ifdef IOCTL_REQUEST_TYPE
author	Roy Marples <roy@marples.name>	2020-05-20 18:14:38 +0100
committer	Roy Marples <roy@marples.name>	2020-05-20 18:14:38 +0100
commit	57b2db8ffc9e88d303e2c140e07be79aa45a35ce (patch)
tree	d54c187e7337494e883a7ceb3381933dd0039a42 /src/privsep-root.c
parent	ce1f59bef3420015ae06ff8f7c04c8f56c320c90 (diff)
download	dhcpcd-57b2db8ffc9e88d303e2c140e07be79aa45a35ce.tar.xz