diff options
author | rwatson <rwatson@FreeBSD.org> | 2001-09-26 19:58:29 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2001-09-26 19:58:29 +0000 |
commit | 823d828036dcc0c73682377a119e160758282ac6 (patch) | |
tree | eeeffdfe9656f5ba31eeecb7aa83f630aeb00d3b /sys/netinet/ip_dummynet.c | |
parent | fdf54f85412fc6d3bf9d01baa77b65a0d6a4b22f (diff) | |
download | FreeBSD-src-823d828036dcc0c73682377a119e160758282ac6.zip FreeBSD-src-823d828036dcc0c73682377a119e160758282ac6.tar.gz |
o Modify IPFW and DUMMYNET administrative setsockopt() calls to use
securelevel_gt() to check the securelevel, rather than direct access
to the securelevel variable.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/netinet/ip_dummynet.c')
-rw-r--r-- | sys/netinet/ip_dummynet.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/sys/netinet/ip_dummynet.c b/sys/netinet/ip_dummynet.c index 8f69866..b46be2e 100644 --- a/sys/netinet/ip_dummynet.c +++ b/sys/netinet/ip_dummynet.c @@ -1817,8 +1817,11 @@ ip_dn_ctl(struct sockopt *sopt) struct dn_pipe *p, tmp_pipe; /* Disallow sets in really-really secure mode. */ - if (sopt->sopt_dir == SOPT_SET && securelevel >= 3) - return (EPERM); + if (sopt->sopt_dir == SOPT_SET) { + error = securelevel_ge(sopt->sopt_td->td_proc->p_ucred, 3); + if (error) + return (error); + } switch (sopt->sopt_name) { default : |