- Change a check of securelevel to securelevel_gt() call in order to help

  against users within a jail attempting to load kernel modules.
- Add a check of securelevel_gt() to vfs_mount() in order to chop some
  low hanging fruit for the repair of securelevel checking of linking and
  unlinking files from within jails.  There is more to be done here.

Reviewed by: rwatson

1 files changed, 10 insertions, 6 deletions

diff --git a/sys/kern/kern_linker.c b/sys/kern/kern_linker.c
index 192877c..9d644d2 100644
--- a/sys/kern/kern_linker.c
+++ b/sys/kern/kern_linker.c
@@ -698,11 +698,13 @@ kldload(struct thread *td, struct kldload_args *uap)
 
 	td->td_retval[0] = -1;
 
-	if (securelevel > 0)	/* redundant, but that's OK */
-		return (EPERM);
-
 	mtx_lock(&Giant);
 
+	if (securelevel_gt(td->td_ucred, 0) == 0) {
+		error = EPERM;
+		goto out;
+	}
+
 	if ((error = suser_xxx(td->td_ucred, NULL, 0)) != 0)
 		goto out;
 
@@ -745,11 +747,13 @@ kldunload(struct thread *td, struct kldunload_args *uap)
 	linker_file_t lf;
 	int error = 0;
 
-	if (securelevel > 0)	/* redundant, but that's OK */
-		return (EPERM);
-
 	mtx_lock(&Giant);
 
+	if (securelevel_gt(td->td_ucred, 0) == 0) {
+		error = EPERM;
+		goto out;
+	}
+
 	if ((error = suser_xxx(td->td_ucred, NULL, 0)) != 0)
 		goto out;