From bb7f64f0a38414e95f5abebfcd63da70c3111065 Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Thu, 30 Apr 2015 11:52:06 +0200
Subject: [PATCH 307/325] ggated recv_thread(): In case of read-only files,
 only accept read commands

Accepting write commands etc. is not a security problem because
the file descriptor isn't writeable anyway, but accepting requests
other than reads could hide client bugs.

Obtained from: ElectroBSD
---
 sbin/ggate/ggated/ggated.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/sbin/ggate/ggated/ggated.c b/sbin/ggate/ggated/ggated.c
index fed36964939f..f811b853f79c 100644
--- a/sbin/ggate/ggated/ggated.c
+++ b/sbin/ggate/ggated/ggated.c
@@ -694,6 +694,12 @@ recv_thread(void *arg)
 			    "not fit sector size.");
 		}
 
+		if ((conn->c_flags & GGATE_FLAG_RDONLY) != 0
+		    && req->r_cmd != GGATE_CMD_READ) {
+			g_gate_xlog("%s request received for read-only file",
+			    g_gate_cmd2str(req->r_cmd));
+		}
+
 		/*
 		 * Limit the amount of memory we allocate on behalf of
 		 * the client. MAXPHYS is the hard limit in ggatec,
-- 
2.32.0