Don't ever allow lowering the securelevel at all. Allowing it does

nothing good except of opening a can of (potential or real) security holes. People maintaining a machine with higher security requirements need to be on the console anyway, so there's no point in not forcing them to reboot before starting maintenance. Agreed by: hackers, guido
author: joerg <joerg@FreeBSD.org> 1997-06-25 07:31:47 +0000
committer: joerg <joerg@FreeBSD.org> 1997-06-25 07:31:47 +0000
commit: ab6f1bf5cada92780e902c44dbe5eb5028e1cff8 (patch)
tree: d0d15c3f181097d8e89238aa3ade40b2157acc37 /sys/kern/kern_mib.c
parent: a7f2d3da858505a451e876440a4b9b1dee5e5b9e (diff)
download: FreeBSD-src-ab6f1bf5cada92780e902c44dbe5eb5028e1cff8.zip
FreeBSD-src-ab6f1bf5cada92780e902c44dbe5eb5028e1cff8.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/kern/kern_mib.c b/sys/kern/kern_mib.c
index 8105aa4..42e2652 100644
--- a/sys/kern/kern_mib.c
+++ b/sys/kern/kern_mib.c
@@ -37,7 +37,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)kern_sysctl.c	8.4 (Berkeley) 4/14/94
- * $Id: kern_mib.c,v 1.7 1997/03/03 12:58:19 bde Exp $
+ * $Id: kern_mib.c,v 1.8 1997/03/04 18:31:54 bde Exp $
  */
 
 #include <sys/param.h>
@@ -123,7 +123,7 @@ sysctl_kern_securelvl SYSCTL_HANDLER_ARGS
 		error = sysctl_handle_int(oidp, &level, 0, req);
 		if (error || !req->newptr)
 			return (error);
-		if (level < securelevel && req->p->p_pid != 1)
+		if (level < securelevel)
 			return (EPERM);
 		securelevel = level;
 		return (error);
author	joerg <joerg@FreeBSD.org>	1997-06-25 07:31:47 +0000
committer	joerg <joerg@FreeBSD.org>	1997-06-25 07:31:47 +0000
commit	ab6f1bf5cada92780e902c44dbe5eb5028e1cff8 (patch)
tree	d0d15c3f181097d8e89238aa3ade40b2157acc37 /sys/kern/kern_mib.c
parent	a7f2d3da858505a451e876440a4b9b1dee5e5b9e (diff)
download	FreeBSD-src-ab6f1bf5cada92780e902c44dbe5eb5028e1cff8.zip FreeBSD-src-ab6f1bf5cada92780e902c44dbe5eb5028e1cff8.tar.gz