summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorMichael Shalayeff <mickey@cvs.openbsd.org>2001-12-31 16:46:40 +0000
committerMichael Shalayeff <mickey@cvs.openbsd.org>2001-12-31 16:46:40 +0000
commit239003eb7b76de04fffd98deff247d096960c0ac (patch)
tree46dbd553293f8204f2fb6470be3ffaf76da5c6ef /sys
parent32bc741ede400d43ee94689eb23441abc1f05175 (diff)
only require write mode for modifying ioctls; dhartmei@, frantzen@, deraadt@ ok
Diffstat (limited to 'sys')
-rw-r--r--sys/net/pf.c24
1 files changed, 20 insertions, 4 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 864b42576e1..591a487d54c 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.180 2001/12/18 00:14:20 jasoni Exp $ */
+/* $OpenBSD: pf.c,v 1.181 2001/12/31 16:46:39 mickey Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -1017,9 +1017,6 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
int error = 0;
int s;
- if (!(flags & FWRITE))
- return (EACCES);
-
/* XXX keep in sync with switch() below */
if (securelevel > 1)
switch (cmd) {
@@ -1044,6 +1041,25 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
return EPERM;
}
+ if (!(flags & FWRITE))
+ switch (cmd) {
+ case DIOCGETRULES:
+ case DIOCGETRULE:
+ case DIOCGETNATS:
+ case DIOCGETNAT:
+ case DIOCGETRDRS:
+ case DIOCGETRDR:
+ case DIOCGETSTATE:
+ case DIOCGETSTATUS:
+ case DIOCGETSTATES:
+ case DIOCGETTIMEOUT:
+ case DIOCGETBINATS:
+ case DIOCGETBINAT:
+ break;
+ default:
+ return (EACCES);
+ }
+
switch (cmd) {
case DIOCSTART: