author | rwatson <rwatson@FreeBSD.org> | 2001-09-26 20:15:42 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2001-09-26 20:15:42 +0000 |
commit | 6f5b301241e06d3fa59cf788389b0a3db1f83aea (patch) | |
tree | 19824b8641fb2d7ad8bcbd207478945aba23bd3f /sys/dev/random | |
parent | 9da4982eda20c0a3cb5a6aa2d932e9d17462e108 (diff) | |
o Modify open() and close() for /dev/random to use securelevel_gt() instead
of direct securelevel variable checks.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/dev/random')
-rw-r--r-- | sys/dev/random/randomdev.c | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/sys/dev/random/randomdev.c b/sys/dev/random/randomdev.c
index a0bd578..cd6f873 100644
--- a/sys/dev/random/randomdev.c
+++ b/sys/dev/random/randomdev.c
@@ -141,17 +141,27 @@ SYSCTL_PROC(_kern_random_sys_harvest, OID_AUTO, interrupt,
 static int
 random_open(dev_t dev, int flags, int fmt, struct thread *td)
 {
- if ((flags & FWRITE) && (securelevel > 0 || suser(td->td_proc)))
- return EPERM;
- else
- return 0;
+ int error;
+
+ if (flags & FWRITE) {
+ error = suser(td->td_proc);
+ if (error)
+ return (error);
+ error = securelevel_gt(td->td_proc->p_ucred, 0);
+ if (error)
+ return (error);
+ }
+ return 0;
 }
 
 static int
 random_close(dev_t dev, int flags, int fmt, struct thread *td)
 {
- if ((flags & FWRITE) && !(securelevel > 0 || suser(td->td_proc)))
- random_reseed();
+ if (flags & FWRITE) {
+ if (!(suser(td->td_proc) ||
+ securelevel_gt(td->td_proc->p_ucred, 0)))
+ random_reseed();
+ }
 return 0;
 }
 
|
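Review bot: In random_close() the privilege test runs against the thread doing the close, not the credential that passed the FWRITE check in random_open(), and nothing in the hunk says whether that is intended. If the writer has dropped privilege, the descriptor has changed hands, or securelevel was raised after open, the reseed is skipped silently while close still returns 0. Assuming that is intended, a comment above the test would record it, e.g. `/* Reseed only if the closing thread is still privileged and securelevel is still <= 0; open() already enforced this for FWRITE. */`. The condition `!(suser(...) || securelevel_gt(...))` also treats two errno-style returns as booleans; `if (suser(td->td_proc) == 0 && securelevel_gt(td->td_proc->p_ucred, 0) == 0)` states the same test in the "0 means allowed" form used in random_open().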