DragonFlyBSD Kernel Audit
DF-0522

thread0 root-credential fallback for socket operations (DF-0510 v1 twin)

Summary

Three call sites (:559, :640, :880) select the thread with td = curthread->td_proc ? curthread : &thread0, marked "XXX broken". When curthread->td_proc == NULL (kernel thread / softint / netgraph dispatch), the code falls back to thread0, which carries root credentials. That td is passed to socreate (:598), sobind (:662), solisten (:674), soconnect (:726) and sosend (:912). PRIV_NET_RAW, PRIV_NET_PRIV_PORT, bind < 1024 and jail bypass are all evaluated against root. Identical to DF-0510 (ng7). The developer comment acknowledges that this is broken. Fix: capture the credential at node creation and fail closed when no user credential is available.
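
The fallback and the recommended fix, side by side, as an added user-space model (not code from the audited tree). All structures, the uid 1001 caller, `model_bind`, `node_create` and the other function names are hypothetical stand-ins for the kernel equivalents.

```c
/* User-space model, NOT DragonFlyBSD source: every type and function here is
 * a simplified, hypothetical stand-in for the kernel structures. */
#include <errno.h>
#include <stddef.h>

struct ucred  { int cr_uid; };
struct thread { void *td_proc; struct ucred *td_ucred; };
struct node   { struct ucred *creator; };  /* a real kernel would hold a ref */

static struct ucred root_cred = { 0 }, user_cred = { 1001 };  /* constructed */
static int dummy_proc;
struct thread thread0 = { NULL, &root_cred };         /* boot thread, root */
struct thread user_td = { &dummy_proc, &user_cred };  /* syscall context */
struct thread kern_td = { NULL, NULL };               /* softint / dispatch */

/* Stand-in for the privileged-port check: only uid 0 may bind below 1024. */
int model_bind(const struct ucred *cr, int port)
{
    return (port < 1024 && cr->cr_uid != 0) ? EACCES : 0;
}

/* Pattern from the finding: no process context, so borrow thread0 (root). */
int bind_fallback(struct thread *cur, int port)
{
    struct thread *td = cur->td_proc ? cur : &thread0;
    return model_bind(td->td_ucred, port);
}

/* Recommended shape, step 1: capture the creator's credential, fail closed. */
int node_create(struct node *n, struct thread *cur)
{
    n->creator = NULL;
    if (cur->td_proc == NULL || cur->td_ucred == NULL)
        return EPERM;
    n->creator = cur->td_ucred;
    return 0;
}

/* Step 2: later socket work uses the captured credential, whoever runs it. */
int bind_captured(const struct node *n, int port)
{
    return n->creator ? model_bind(n->creator, port) : EPERM;
}

int main(void)
{
    struct node n;
    if (node_create(&n, &user_td) != 0) return 1;
    return !(bind_fallback(&kern_td, 80) == 0 && bind_captured(&n, 80) == EACCES);
}
```

In the model, the same bind to port 80 succeeds through the fallback when it runs in kernel context and is refused once the check uses the credential captured at node creation.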