author | rwatson <rwatson@FreeBSD.org> | 2000-06-05 14:53:55 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2000-06-05 14:53:55 +0000 |
commit | 68239103ca69ad700547a0a80b8af367f735e0d1 (patch) | |
tree | 230cbbf17decee8cffa54408bc4fa0b76b6da98d /sys/kern | |
parent | 051a92f4cd76b6608fa5a85e1d95a4ddfd8be0e7 (diff) | |
o Introduce kern.suser_permitted, a sysctl that disables the suser_xxx()
returning anything but EPERM.
o suser is enabled by default; once disabled, it cannot be re-enabled
o To be used in alternative security models where uid0 does not connote
additional privileges
o Should be noted that uid0 still has some additional powers as it
owns many important files and executables, so suffers from the same
fundamental security flaws as securelevels. This is fixed with
MAC integrity protection code (in progress)
o Not safe for consumption unless you are *really* sure you don't want
things like shutdown to work, et al :-)
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/kern_mib.c | 24 | ||||
-rw-r--r-- | sys/kern/kern_prot.c | 2 |
2 files changed, 26 insertions, 0 deletions
diff --git a/sys/kern/kern_mib.c b/sys/kern/kern_mib.c
index 35c70fb..bc480c3 100644
--- a/sys/kern/kern_mib.c
+++ b/sys/kern/kern_mib.c
@@ -182,6 +182,30 @@ sysctl_kern_securelvl SYSCTL_HANDLER_ARGS
 SYSCTL_PROC(_kern, KERN_SECURELVL, securelevel, CTLTYPE_INT|CTLFLAG_RW,
     0, 0, sysctl_kern_securelvl, "I", "Current secure level");
 
+int suser_permitted = 1;
+
+static int
+sysctl_kern_suser_permitted SYSCTL_HANDLER_ARGS
+{
+	int error, flag;
+
+	flag = suser_permitted;
+
+	error = sysctl_handle_int(oidp, &flag, 0, req);
+	if (error || !req->newptr)
+		return (error);
+	if (flag != 0 && flag != 1)
+		return(EPERM);
+	if (!suser_permitted)
+		return(EPERM);
+	suser_permitted = flag;
+	return (0);
+}
+
+SYSCTL_PROC(_kern, OID_AUTO, suser_permitted,
+    CTLTYPE_INT|CTLFLAG_RW, 0, 0, sysctl_kern_suser_permitted, "I",
+    "processes with uid 0 have privilege");
+
 char domainname[MAXHOSTNAMELEN];
 SYSCTL_STRING(_kern, KERN_NISDOMAINNAME, domainname, CTLFLAG_RW,
     &domainname, sizeof(domainname), "Name of the current YP/NIS domain");
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 3be52c8..9194e55 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -950,6 +950,8 @@ suser_xxx(cred, proc, flag)
 	struct proc *proc;
 	int flag;
 {
+	if (!suser_permitted)
+		return (EPERM);
 	if (!cred && !proc) {
 		printf("suser_xxx(): THINK!\n");
 		return (EPERM);
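Review bot: The range check in sysctl_kern_suser_permitted answers a value other than 0 or 1 with EPERM, which conflates a malformed request with a denied one; `return (EINVAL);` is the conventional code for that branch, and changing it also removes the two `return(EPERM)` spellings that sit next to `return (error)` in the same function. The one-way latch is enforced by the explicit `if (!suser_permitted)` test rather than by the sysctl layer's own write-permission check, which is the safer choice, but nothing in the code says it is deliberate; a comment above that test such as `/* Latch: once cleared this knob cannot be set again, even by uid 0. */` would keep a later cleanup from folding it into the range check. The write path for a CTLFLAG_RW node presumably goes through suser_xxx() as well, so the handler becomes unreachable once the latch closes, but that cannot be confirmed from this hunk and is worth stating in the same comment if true.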
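Review bot: The new test in suser_xxx() runs before the existing `!cred && !proc` sanity check, so once the knob is cleared a caller that passes neither a credential nor a process gets a silent EPERM and the `suser_xxx(): THINK!` diagnostic never fires; placing the two added lines after that block keeps the programming-error path observable in both modes. kern_prot.c also needs a visible `extern int suser_permitted;` for this to compile, and the diffstat shown is limited to sys/kern and touches no header, so the declaration presumably lands under sys/sys in the same change and should be confirmed. suser_xxx() starts and ends outside the hunk.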