Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

===================================================================
RCS file: /ftp/cvs/cvsroot/src/sys/kern/uipc_socket.c,v
retrieving revision 1.126
retrieving revision 1.127
diff -u -p -r1.126 -r1.127
--- src/sys/kern/uipc_socket.c	2006/10/12 01:32:19	1.126
+++ src/sys/kern/uipc_socket.c	2006/10/25 22:49:23	1.127
@@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_socket.c,v 1.126 2006/10/12 01:32:19 christos Exp $	*/
+/*	$NetBSD: uipc_socket.c,v 1.127 2006/10/25 22:49:23 elad Exp $	*/
 
 /*-
  * Copyright (c) 2002 The NetBSD Foundation, Inc.
@@ -68,7 +68,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.126 2006/10/12 01:32:19 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.127 2006/10/25 22:49:23 elad Exp $");
 
 #include "opt_sock_counters.h"
 #include "opt_sosend_loan.h"
@@ -474,6 +474,10 @@ socreate(int dom, struct socket **aso, i
 	uid_t		uid;
 	int		error, s;
 
+	if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_SOCKET,
+	    KAUTH_REQ_NETWORK_SOCKET_OPEN, &dom, &type, &proto) != 0)
+		return (EPERM);
+
 	if (proto)
 		prp = pffindproto(dom, proto, type);
 	else