From 5b0474804c95b1d4f3b02a5b2a41c436ae017433 Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Thu, 30 Apr 2015 11:52:06 +0200
Subject: [PATCH 037/257] ggated recv_thread(): In case of read-only files,
 only accept read commands

Accepting write commands etc. is not a security problem because
the file descriptor isn't writeable anyway, but accepting requests
other than reads could hide client bugs.


Obtained from: ElectroBSD
---
 sbin/ggate/ggated/ggated.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/sbin/ggate/ggated/ggated.c b/sbin/ggate/ggated/ggated.c
index 383386b57cef..5ae9d2f7a8f1 100644
--- a/sbin/ggate/ggated/ggated.c
+++ b/sbin/ggate/ggated/ggated.c
@@ -679,6 +679,12 @@ recv_thread(void *arg)
 			    "not fit sector size.");
 		}
 
+		if ((conn->c_flags & GGATE_FLAG_RDONLY) != 0
+		    && req->r_cmd != GGATE_CMD_READ) {
+			g_gate_xlog("%s request received for read-only file",
+			    g_gate_cmd2str(req->r_cmd));
+		}
+
 		/*
 		 * Limit the amount of memory we allocate on behalf of
 		 * the client. MAXPHYS is the hard limit in ggatec,
-- 
2.11.0