prevent non-root users to invoke wanpipe ioctls.

noticed by uwe@, looks ok deraadt@

2 files changed, 11 insertions, 2 deletions

diff --git a/sys/dev/pci/if_san_common.c b/sys/dev/pci/if_san_common.c
index 801c91e971d..e641dc05bd1 100644
--- a/sys/dev/pci/if_san_common.c
+++ b/sys/dev/pci/if_san_common.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_san_common.c,v 1.7 2005/04/01 21:42:35 canacar Exp $	*/
+/*	$OpenBSD: if_san_common.c,v 1.8 2005/04/05 20:11:10 canacar Exp $	*/
 
 /*-
  * Copyright (c) 2001-2004 Sangoma Technologies (SAN)
@@ -43,6 +43,7 @@
 # include <sys/errno.h>
 # include <sys/exec.h>
 # include <sys/mbuf.h>
+# include <sys/proc.h>
 # include <sys/socket.h>
 # include <sys/kernel.h>
 # include <sys/time.h>
@@ -266,6 +267,10 @@ wan_ioctl(struct ifnet *ifp, int cmd, struct ifreq *ifr)
 
 	SAN_ASSERT(common == NULL);
 	SAN_ASSERT(common->card == NULL);
+
+	if ((err = suser(curproc, 0)) != 0)
+		return err;
+
 	switch (cmd) {
 	case SIOC_WANPIPE_HWPROBE:
 		err = wan_ioctl_hwprobe(ifp, ifr->ifr_data);
diff --git a/sys/dev/pci/if_san_xilinx.c b/sys/dev/pci/if_san_xilinx.c
index 7f6c6ab7986..89e5aa8d048 100644
--- a/sys/dev/pci/if_san_xilinx.c
+++ b/sys/dev/pci/if_san_xilinx.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_san_xilinx.c,v 1.8 2005/04/01 21:42:36 canacar Exp $	*/
+/*	$OpenBSD: if_san_xilinx.c,v 1.9 2005/04/05 20:11:10 canacar Exp $	*/
 
 /*-
  * Copyright (c) 2001-2004 Sangoma Technologies (SAN)
@@ -41,6 +41,7 @@
 #include <sys/malloc.h>
 #include <sys/errno.h>
 #include <sys/mbuf.h>
+#include <sys/proc.h>
 #include <sys/socket.h>
 #include <sys/kernel.h>
 #include <sys/time.h>
@@ -682,6 +683,9 @@ wan_xilinx_ioctl(struct ifnet *ifp, int cmd, struct ifreq *ifr)
 	{
 		case SIOC_WANPIPE_PIPEMON:
 
+			if ((err = suser(curproc, 0)) != 0)
+				break;
+
 			if (IF_QFULL(&sc->udp_queue)) {
 				return (EBUSY);
 			}