From 8b35a91577db50e470c0303565b08db6e364ca36 Mon Sep 17 00:00:00 2001
From: Tulio A M Mendes <tadryanom@hotmail.com>
Date: Tue, 26 May 2026 02:10:48 -0300
Subject: [PATCH] security: add root privilege check for SOCK_RAW sockets (Fase
 2)

---
 src/kernel/socket.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/kernel/socket.c b/src/kernel/socket.c
index f3e3ddd4..c0f2591c 100644
--- a/src/kernel/socket.c
+++ b/src/kernel/socket.c
@@ -249,6 +249,13 @@ int ksocket_create(int domain, int type, int protocol) {
     if (domain != AF_INET) return -EAFNOSUPPORT;
     if (type != SOCK_STREAM && type != SOCK_DGRAM && type != SOCK_RAW) return -EPROTONOSUPPORT;
 
+    /* SOCK_RAW requires root privilege */
+    if (type == SOCK_RAW) {
+        if (!current_process || current_process->euid != 0) {
+            return -EPERM;
+        }
+    }
+
     int sid = alloc_socket();
     if (sid < 0) return sid;
 
-- 
2.43.0