From: Roy Marples <roy@marples.name>
Date: Sat, 3 Oct 2020 16:00:56 +0000 (+0100)
Subject: privsep: We need getsockopt as well as setsockopt on the link socket
X-Git-Tag: v9.3.0~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=984496259fe1b2fb7fd04d7f2c348ac1a2c7985f;p=thirdparty%2Fdhcpcd.git

privsep: We need getsockopt as well as setsockopt on the link socket

So we can report receive buffer size.
Important for route(4) overflow so we can try and set a bigger buffer.
---

diff --git a/src/if-bsd.c b/src/if-bsd.c
index 75b7e62a..8f10acdc 100644
--- a/src/if-bsd.c
+++ b/src/if-bsd.c
@@ -216,8 +216,10 @@ if_opensockets_os(struct dhcpcd_ctx *ctx)
 #endif
 
 #ifdef PRIVSEP_RIGHTS
+	/* We need to getsockopt for SO_RCVBUF and
+	 * setsockopt for RO_MISSFILTER. */
 	if (IN_PRIVSEP(ctx))
-		ps_rights_limit_fd_setsockopt(ctx->link_fd);
+		ps_rights_limit_fd_sockopt(ctx->link_fd);
 #endif
 
 	return 0;
diff --git a/src/privsep.c b/src/privsep.c
index 693a87f5..b54b1b7a 100644
--- a/src/privsep.c
+++ b/src/privsep.c
@@ -260,11 +260,12 @@ ps_rights_limit_fd(int fd)
 }
 
 int
-ps_rights_limit_fd_setsockopt(int fd)
+ps_rights_limit_fd_sockopt(int fd)
 {
 	cap_rights_t rights;
 
-	cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_EVENT, CAP_SETSOCKOPT);
+	cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_EVENT,
+	    CAP_GETSOCKOPT, CAP_SETSOCKOPT);
 	if (cap_rights_limit(fd, &rights) == -1 && errno != ENOSYS)
 		return -1;
 	return 0;
diff --git a/src/privsep.h b/src/privsep.h
index cd26a842..4fd33e7f 100644
--- a/src/privsep.h
+++ b/src/privsep.h
@@ -197,7 +197,7 @@ int ps_setbuf_fdpair(int []);
 int ps_rights_limit_ioctl(int);
 int ps_rights_limit_fd_fctnl(int);
 int ps_rights_limit_fd_rdonly(int);
-int ps_rights_limit_fd_setsockopt(int);
+int ps_rights_limit_fd_sockopt(int);
 int ps_rights_limit_fd(int);
 int ps_rights_limit_fdpair(int []);
 #endif