In sysctl, req->td is believed always to be non-NULL, so there's no need

to test req->td for NULL values and then do somewhat more bizarre things
relating to securelevel special-casing and suser checks.  Remove the
testing and conditional security checks based on req->td!=NULL, and insert
a KASSERT that td != NULL.  Callers to sysctl must always specify the
thread (be it kernel or otherwise) requesting the operation, or a
number of current sysctls will fail due to assumptions that the thread
exists.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
Discussed with:	bde

1 files changed, 14 insertions, 20 deletions

diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index 2b725ee..9942ca1 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -1067,32 +1067,26 @@ sysctl_root(SYSCTL_HANDLER_ARGS)
 	if (req->newptr && !(oid->oid_kind & CTLFLAG_WR))
 		return (EPERM);
 
+	KASSERT(req->td != NULL, ("sysctl_root(): req->td == NULL"));
+
 	/* Is this sysctl sensitive to securelevels? */
 	if (req->newptr && (oid->oid_kind & CTLFLAG_SECURE)) {
-		if (req->td == NULL) {
-			error = securelevel_gt(NULL, 0);	/* XXX */
-			if (error)
-				return (error);
-		} else {
-			error = securelevel_gt(req->td->td_ucred, 0);
-			if (error)
-				return (error);
-		}
+		error = securelevel_gt(req->td->td_ucred, 0);
+		if (error)
+			return (error);
 	}
 
 	/* Is this sysctl writable by only privileged users? */
 	if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) {
-		if (req->td != NULL) {
-			int flags;
-
-			if (oid->oid_kind & CTLFLAG_PRISON)
-				flags = PRISON_ROOT;
-			else
-				flags = 0;
-			error = suser_xxx(NULL, req->td->td_proc, flags);
-			if (error)
-				return (error);
-		}
+		int flags;
+
+		if (oid->oid_kind & CTLFLAG_PRISON)
+			flags = PRISON_ROOT;
+		else
+			flags = 0;
+		error = suser_xxx(NULL, req->td->td_proc, flags);
+		if (error)
+			return (error);
 	}
 
 	if (!oid->oid_handler)