SRaw for FreeBSD ( sock.c ) - Enables all users to open raw sockets.
031d603337d3c77dcca435afe3641d180032d7eff7eda4e2da825be6148d4d91/*
* Name: SRaw for FreeBSD ( sock.c )
* Date: Mon May 01 13:12:43 2000
* Author: pIGpEN [ pigpen@s0ftpj.org, deadhead@sikurezza.org ]
*
* SoftProject 2000 - Digital Sekurity for Y2k
* Sikurezza.org - Italian Security MailingList
*
* COFFEE-WARE LICENSE - This source code is like "THE BEER-WARE LICENSE" by
* Poul-Henning Kamp <phk@FreeBSD.ORG> but you can give me in return a coffee.
*
* Tested on: FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE #5: Mon Mar i386
*
* All users are allowed to open raw sockets...
* This kld disables EPERM in socket() and permits to allocate inpcb even if
* the socket is raw and users haven't root permissions... bypassing suser()
* in pru_attach() functions...
*
*
* Idea & Code for Linux by Gigi_Sull
* Code for FreeBSD by pIGpEN / S0ftPj
*/
#include <sys/param.h>
#include <sys/module.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <net/route.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/in_pcb.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
extern struct protosw inetsw[];
extern struct inpcbinfo ripcbinfo;
static int rip_attach __P((struct socket *, int, struct proc *));
static int (*old_rip_attach) __P((struct socket *, int, struct proc *));
static int module_handler __P((module_t, int, void *));
#define attach(x) inetsw[ip_protox[x]].pr_usrreqs->pru_attach
static int
module_handler(module_t mod, int cmd, void *arg)
{
int s;
switch(cmd) {
case MOD_LOAD:
s = splnet();
old_rip_attach = attach(IPPROTO_RAW);
attach(IPPROTO_RAW) = rip_attach;
attach(IPPROTO_ICMP) = rip_attach;
attach(IPPROTO_IGMP) = rip_attach;
attach(IPPROTO_RSVP) = rip_attach;
attach(IPPROTO_IPIP) = rip_attach;
attach(IPPROTO_IDP) = rip_attach;
attach(0) = rip_attach;
splx(s);
break;
case MOD_UNLOAD:
s = splnet();
attach(IPPROTO_RAW) = old_rip_attach;
attach(IPPROTO_ICMP) = old_rip_attach;
attach(IPPROTO_IGMP) = old_rip_attach;
attach(IPPROTO_RSVP) = old_rip_attach;
attach(IPPROTO_IPIP) = old_rip_attach;
attach(IPPROTO_IDP) = old_rip_attach;
attach(0) = old_rip_attach;
splx(s);
break;
}
return 0;
}
static moduledata_t s_raw = {
"S_Raw",
module_handler,
NULL
};
DECLARE_MODULE(S_Raw, s_raw, SI_SUB_PSEUDO, SI_ORDER_ANY);
static u_long rip_sendspace = 8192; /* RIPSNDQ */
static u_long rip_recvspace = 8192; /* RIPRCVQ */
static int
rip_attach(struct socket *so, int proto, struct proc *p)
{
struct inpcb *inp;
int error, s;
inp = sotoinpcb(so);
if (inp)
panic("rip_attach");
/*
* We don't want suser() call
*
* if (p && (error = suser(p->p_ucred, &p->p_acflag)) != 0)
* return error;
*/
s = splnet();
error = in_pcballoc(so, &ripcbinfo, p); splx(s);
if (error)
return error;
error = soreserve(so, rip_sendspace, rip_recvspace);
if (error)
return error;
inp = (struct inpcb *)so->so_pcb;
inp->inp_ip_p = proto;
return 0;
}
/*
# SoftProject 2000 - Digital Sekurity for Y2k
# Sikurezza.org - Italian Security MailingList
#
# COFFEE-WARE LICENSE - This source code is like "THE BEER-WARE LICENSE" by
# Poul-Henning Kamp <phk@FreeBSD.ORG> but you can give me in return a coffee.
#
# Tested on: FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE #3: Thu Mar i386
# < pigpen@s0ftpj.org >
.PATH: /sys/kern
SRCS = sock.c
CFLAGS+= -I/sys
KMOD = sock
NOMAN = t
KLDMOD = t
KLDLOAD = /sbin/kldload
KLDUNLOAD = /sbin/kldunload
CLEANFILES+= ${KMOD}
load:
${KLDLOAD} -v ./${KMOD}
unload:
${KLDUNLOAD} -v -n ${KMOD}
.include <bsd.kmod.mk>
*/
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed