From c82627aae2c2be73e09f1482a610735569e03cf9 Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Mon, 2 Sep 2019 18:49:54 +0200
Subject: [PATCH] Kernel: Don't allow non-superusers to bind TCP/UDP ports < 1024
---
 Kernel/Net/IPv4Socket.cpp | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/Kernel/Net/IPv4Socket.cpp b/Kernel/Net/IPv4Socket.cpp
index 77077b79c0..6c66508784 100644
--- a/Kernel/Net/IPv4Socket.cpp
+++ b/Kernel/Net/IPv4Socket.cpp
@@ -82,8 +82,17 @@ KResult IPv4Socket::bind(const sockaddr* address, socklen_t address_size)
 return KResult(-EINVAL);
 auto& ia = *(const sockaddr_in*)address;
+
+ auto requested_local_port = ntohs(ia.sin_port);
+ if (!current->process().is_superuser()) {
+ if (requested_local_port < 1024) {
+ dbg() << current->process() << " (uid " << current->process().uid() << ") attempted to bind " << class_name() << " to port " << requested_local_port;
+ return KResult(-EACCES);
+ }
+ }
+
 m_local_address = IPv4Address((const u8*)&ia.sin_addr.s_addr);
- m_local_port = ntohs(ia.sin_port);
+ m_local_port = requested_local_port;
 dbgprintf("IPv4Socket::bind %s{%p} to %s:%u\n", class_name(), this, m_local_address.to_string().characters(), m_local_port);
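Review bot: The new `requested_local_port < 1024` test in IPv4Socket::bind also matches port 0, so an unprivileged process that passes `sin_port == 0` is refused with EACCES and logged as if it had asked for a privileged port. By BSD-sockets convention port 0 means "let the kernel pick an ephemeral port"; whether protocol_bind() implements that here is not visible in this hunk, so confirm it, and if it does, narrow the condition to `if (requested_local_port > 0 && requested_local_port < 1024) {`. The bare 1024 would also read better as a named constant with a short comment stating the policy, so any other path that assigns m_local_port can share the same check. The body of bind() starts and ends outside the hunk, so the earlier validation of `address` and the later protocol_bind() call could not be reviewed.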