o Modify open() and close() for /dev/random to use securelevel_gt() instead

of direct securelevel variable checks. Obtained from: TrustedBSD Project
author: rwatson <rwatson@FreeBSD.org> 2001-09-26 20:15:42 +0000
committer: rwatson <rwatson@FreeBSD.org> 2001-09-26 20:15:42 +0000
commit: 6f5b301241e06d3fa59cf788389b0a3db1f83aea (patch)
tree: 19824b8641fb2d7ad8bcbd207478945aba23bd3f /sys/dev/random
parent: 9da4982eda20c0a3cb5a6aa2d932e9d17462e108 (diff)
download: FreeBSD-src-6f5b301241e06d3fa59cf788389b0a3db1f83aea.zip
FreeBSD-src-6f5b301241e06d3fa59cf788389b0a3db1f83aea.tar.gz
1 files changed, 16 insertions, 6 deletions
diff --git a/sys/dev/random/randomdev.c b/sys/dev/random/randomdev.c
index a0bd578..cd6f873 100644
--- a/sys/dev/random/randomdev.c
+++ b/sys/dev/random/randomdev.c
@@ -141,17 +141,27 @@ SYSCTL_PROC(_kern_random_sys_harvest, OID_AUTO, interrupt,
 static int
 random_open(dev_t dev, int flags, int fmt, struct thread *td)
 {
-	if ((flags & FWRITE) && (securelevel > 0 || suser(td->td_proc)))
-		return EPERM;
-	else
-		return 0;
+	int error;
+
+	if (flags & FWRITE) {
+		error = suser(td->td_proc);
+		if (error)
+			return (error);
+		error = securelevel_gt(td->td_proc->p_ucred, 0);
+		if (error)
+			return (error);
+	}
+	return 0;
 }
 
 static int
 random_close(dev_t dev, int flags, int fmt, struct thread *td)
 {
-	if ((flags & FWRITE) && !(securelevel > 0 || suser(td->td_proc)))
-		random_reseed();
+	if (flags & FWRITE) {
+		if (!(suser(td->td_proc) ||
+		    securelevel_gt(td->td_proc->p_ucred, 0)))
+			random_reseed();
+	}
 	return 0;
 }
author	rwatson <rwatson@FreeBSD.org>	2001-09-26 20:15:42 +0000
committer	rwatson <rwatson@FreeBSD.org>	2001-09-26 20:15:42 +0000
commit	6f5b301241e06d3fa59cf788389b0a3db1f83aea (patch)
tree	19824b8641fb2d7ad8bcbd207478945aba23bd3f /sys/dev/random
parent	9da4982eda20c0a3cb5a6aa2d932e9d17462e108 (diff)
download	FreeBSD-src-6f5b301241e06d3fa59cf788389b0a3db1f83aea.zip FreeBSD-src-6f5b301241e06d3fa59cf788389b0a3db1f83aea.tar.gz