From 1868e7415eae8e2c89cd8846a807b543e7cb2220 Mon Sep 17 00:00:00 2001 From: Theo de Raadt Date: Wed, 7 Dec 2022 01:02:29 +0000 Subject: If the called of ypconnect(2) is root, the socket should acquire a reserved port to received secure-maps from the ypserver. issue found by niklas, using a simpler diff i proposed ok miod --- sys/kern/uipc_syscalls.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'sys/kern') diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c index 4e5dd64402f..395f0a20c26 100644 --- a/sys/kern/uipc_syscalls.c +++ b/sys/kern/uipc_syscalls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uipc_syscalls.c,v 1.206 2022/12/05 23:18:37 deraadt Exp $ */ +/* $OpenBSD: uipc_syscalls.c,v 1.207 2022/12/07 01:02:28 deraadt Exp $ */ /* $NetBSD: uipc_syscalls.c,v 1.19 1996/02/09 19:00:48 christos Exp $ */ /* @@ -60,6 +60,9 @@ #include #include +#include +#include +#include #include int copyaddrout(struct proc *, struct mbuf *, struct sockaddr *, socklen_t, @@ -1648,6 +1651,11 @@ out: ktrsockaddr(p, mtod(nam, caddr_t), sizeof(struct sockaddr_in)); #endif solock(so); + + /* Secure YP maps require reserved ports */ + if (suser(p) == 0) + sotoinpcb(so)->inp_flags |= INP_LOWPORT; + error = soconnect(so, nam); while ((so->so_state & SS_ISCONNECTING) && so->so_error == 0) { error = sosleep_nsec(so, &so->so_timeo, PSOCK | PCATCH, -- cgit v1.2.3