+2 -3

share/man/man4/bpf.4

reviewed

··· 1 1 - .\" $OpenBSD: bpf.4,v 1.47 2024/08/15 12:20:20 dlg Exp $ 1 1 + .\" $OpenBSD: bpf.4,v 1.48 2025/11/13 10:53:25 deraadt Exp $ 2 2 .\" $NetBSD: bpf.4,v 1.7 1995/09/27 18:31:50 thorpej Exp $ 3 3 .\" 4 4 .\" Copyright (c) 1990 The Regents of the University of California. ··· 23 23 .\" This document is derived in part from the enet man page (enet.4) 24 24 .\" distributed with 4.3BSD Unix. 25 25 .\" 26 26 - .Dd $Mdocdate: August 15 2024 $ 26 26 + .Dd $Mdocdate: November 13 2025 $ 27 27 .Dt BPF 4 28 28 .Os 29 29 .Sh NAME ··· 229 229 Use of any other ioctl is denied with error 230 230 .Er EPERM . 231 231 Once a descriptor is locked, it is not possible to unlock it. 232 232 - A process with root privileges is not affected by the lock. 233 232 .Pp 234 233 A privileged program can open a 235 234 .Nm

+3 -3

sys/net/bpf.c

reviewed

··· 1 1 - /* $OpenBSD: bpf.c,v 1.234 2025/07/07 02:28:50 jsg Exp $ */ 1 1 + /* $OpenBSD: bpf.c,v 1.235 2025/11/13 10:53:25 deraadt Exp $ */ 2 2 /* $NetBSD: bpf.c,v 1.33 1997/02/21 23:59:35 thorpej Exp $ */ 3 3 4 4 /* ··· 778 778 int error = 0; 779 779 780 780 d = bpfilter_lookup(minor(dev)); 781 781 - if (d->bd_locked && suser(p) != 0) { 782 782 - /* list of allowed ioctls when locked and not root */ 781 781 + if (d->bd_locked) { 782 782 + /* list of allowed ioctls when locked */ 783 783 switch (cmd) { 784 784 case BIOCGBLEN: 785 785 case BIOCFLUSH: