summaryrefslogtreecommitdiffstats
path: root/sys/netinet/ip_dummynet.c
diff options
context:
space:
mode:
authorrwatson <rwatson@FreeBSD.org>2001-09-26 19:58:29 +0000
committerrwatson <rwatson@FreeBSD.org>2001-09-26 19:58:29 +0000
commit823d828036dcc0c73682377a119e160758282ac6 (patch)
treeeeeffdfe9656f5ba31eeecb7aa83f630aeb00d3b /sys/netinet/ip_dummynet.c
parentfdf54f85412fc6d3bf9d01baa77b65a0d6a4b22f (diff)
downloadFreeBSD-src-823d828036dcc0c73682377a119e160758282ac6.zip
FreeBSD-src-823d828036dcc0c73682377a119e160758282ac6.tar.gz
o Modify IPFW and DUMMYNET administrative setsockopt() calls to use
securelevel_gt() to check the securelevel, rather than direct access to the securelevel variable. Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/netinet/ip_dummynet.c')
-rw-r--r--sys/netinet/ip_dummynet.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/sys/netinet/ip_dummynet.c b/sys/netinet/ip_dummynet.c
index 8f69866..b46be2e 100644
--- a/sys/netinet/ip_dummynet.c
+++ b/sys/netinet/ip_dummynet.c
@@ -1817,8 +1817,11 @@ ip_dn_ctl(struct sockopt *sopt)
struct dn_pipe *p, tmp_pipe;
/* Disallow sets in really-really secure mode. */
- if (sopt->sopt_dir == SOPT_SET && securelevel >= 3)
- return (EPERM);
+ if (sopt->sopt_dir == SOPT_SET) {
+ error = securelevel_ge(sopt->sopt_td->td_proc->p_ucred, 3);
+ if (error)
+ return (error);
+ }
switch (sopt->sopt_name) {
default :
OpenPOWER on IntegriCloud