security: add root privilege check for SOCK_RAW sockets (Fase 2)

author Tulio A M Mendes <[email protected]>

Tue, 26 May 2026 05:10:48 +0000 (02:10 -0300)

committer Tulio A M Mendes <[email protected]>

Wed, 3 Jun 2026 05:52:27 +0000 (02:52 -0300)
author Tulio A M Mendes <[email protected]>
Tue, 26 May 2026 05:10:48 +0000 (02:10 -0300)
committer Tulio A M Mendes <[email protected]>
Wed, 3 Jun 2026 05:52:27 +0000 (02:52 -0300)
diff --git a/src/kernel/socket.c b/src/kernel/socket.c

index f3e3ddd49d74336e68359a285c8bbede0953aaa4..c0f2591c2d634c7086d9d1a0569d8a613d5efd5f 100644 (file)
--- a/src/kernel/socket.c
+++ b/src/kernel/socket.c
@@ -249,6 +249,13 @@ int ksocket_create(int domain, int type, int protocol) {
      if (domain != AF_INET) return -EAFNOSUPPORT;
      if (type != SOCK_STREAM && type != SOCK_DGRAM && type != SOCK_RAW) return -EPROTONOSUPPORT;
  
+    /* SOCK_RAW requires root privilege */
+    if (type == SOCK_RAW) {
+        if (!current_process || current_process->euid != 0) {
+            return -EPERM;
+        }
+    }
+
      int sid = alloc_socket();
      if (sid < 0) return sid;
author	Tulio A M Mendes <[email protected]>
	Tue, 26 May 2026 05:10:48 +0000 (02:10 -0300)
committer	Tulio A M Mendes <[email protected]>
	Wed, 3 Jun 2026 05:52:27 +0000 (02:52 -0300)