From: Roy Marples
Date: Thu, 11 Jun 2020 14:37:33 +0000 (+0100)
Subject: Warn if the OS lacks support to lock down BPF or equivalent
X-Git-Tag: v9.1.2~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2b567d99ae5024ad62ac37c8fde5f7d2dfacc18a;p=thirdparty%2Fdhcpcd.git
Warn if the OS lacks support to lock down BPF or equivalent
---
diff --git a/src/bpf.c b/src/bpf.c
index f450a043..d3736a1b 100644
--- a/src/bpf.c
+++ b/src/bpf.c
@@ -703,6 +703,14 @@ bpf_bootp(const struct bpf *bpf, __unused const struct in_addr *ia)
 return -1;
 return 0;
 #else
+#ifdef PRIVSEP
+#if defined(__sun) /* Solaris cannot send via BPF. */
+#elif defined(BIOCSETF)
+#warning No BIOCSETWF support - a compromised BPF can be used as a raw socket
+#else
+#warning A compromised PF_PACKET socket can be used as a raw socket
+#endif
+#endif
 return bpf_bootp_rw(bpf, true);
 #endif
 }
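Review bot: The `#warning` lines added in the `#else` branch of bpf_bootp() are seen only by whoever compiles dhcpcd, so an operator running a prebuilt package on such a platform gets no indication that the privilege-separated BPF process has no restriction on what it may send. I would state the consequence in a comment next to the directives, e.g. `/* No write filter here: under PRIVSEP the BPF/PF_PACKET descriptor is not limited to BOOTP on send. */`, and consider reporting the same condition once at startup or in the configure summary. `#warning` is also a compiler extension before C23 and turns into a build failure under `-Werror`, which deserves a line in the build notes. The condition that selects this `#else` and the start of the function lie outside the hunk, so that it tests for BIOCSETWF is inferred from the warning text only.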