DragonFlyBSD Kernel Audit
← dashboard
DF-0314

Inconsistent privilege enforcement: RFC3542 GET path lacks priv check present in RFC2292 path

Summary

RFC2292 GET for HOPOPTS/DSTOPTS requires priv(:1700-1720). RFC3542 GET via ip6_getpcbopt(:1942-1969) has NO priv check. fd-passing -> unpriv reads sticky ext headers. Low impact: DF-0313 blocks setsockopt path so sticky headers unreachable via setsockopt today.