diff options
author | alex <alex@FreeBSD.org> | 1997-06-21 16:09:49 +0000 |
---|---|---|
committer | alex <alex@FreeBSD.org> | 1997-06-21 16:09:49 +0000 |
commit | 793295a94d96fd8954918d322646bb6dd2219c2d (patch) | |
tree | 666fc804037e3a2cf9f92420771bd0eabe14b8e8 /sys | |
parent | db73f6494a8d9127417e8ddf01f5b7c8fa81276b (diff) | |
download | FreeBSD-src-793295a94d96fd8954918d322646bb6dd2219c2d.zip FreeBSD-src-793295a94d96fd8954918d322646bb6dd2219c2d.tar.gz |
Block all write operations to /proc/1/* when securelevel > 0.
The additional check in procfs_ctl.c could be backed out, but
I'm leaving it in for good measure.
Reviewed by: Theo de Raadt <deraadt@OpenBSD.org>
Diffstat (limited to 'sys')
-rw-r--r-- | sys/fs/procfs/procfs_subr.c | 4 | ||||
-rw-r--r-- | sys/miscfs/procfs/procfs_subr.c | 4 |
2 files changed, 6 insertions, 2 deletions
diff --git a/sys/fs/procfs/procfs_subr.c b/sys/fs/procfs/procfs_subr.c index 8c5224b..072331c 100644 --- a/sys/fs/procfs/procfs_subr.c +++ b/sys/fs/procfs/procfs_subr.c @@ -36,7 +36,7 @@ * * @(#)procfs_subr.c 8.6 (Berkeley) 5/14/95 * - * $Id: procfs_subr.c,v 1.13 1997/02/22 09:40:30 peter Exp $ + * $Id: procfs_subr.c,v 1.14 1997/03/08 16:06:34 bde Exp $ */ #include <sys/param.h> @@ -242,6 +242,8 @@ procfs_rw(ap) p = PFIND(pfs->pfs_pid); if (p == 0) return (EINVAL); + if (p->p_pid == 1 && securelevel > 0 && uio->uio_rw == UIO_WRITE) + return(EACCES); while (pfs->pfs_lockowner) { tsleep(&pfs->pfs_lockowner, PRIBIO, "pfslck", 0); diff --git a/sys/miscfs/procfs/procfs_subr.c b/sys/miscfs/procfs/procfs_subr.c index 8c5224b..072331c 100644 --- a/sys/miscfs/procfs/procfs_subr.c +++ b/sys/miscfs/procfs/procfs_subr.c @@ -36,7 +36,7 @@ * * @(#)procfs_subr.c 8.6 (Berkeley) 5/14/95 * - * $Id: procfs_subr.c,v 1.13 1997/02/22 09:40:30 peter Exp $ + * $Id: procfs_subr.c,v 1.14 1997/03/08 16:06:34 bde Exp $ */ #include <sys/param.h> @@ -242,6 +242,8 @@ procfs_rw(ap) p = PFIND(pfs->pfs_pid); if (p == 0) return (EINVAL); + if (p->p_pid == 1 && securelevel > 0 && uio->uio_rw == UIO_WRITE) + return(EACCES); while (pfs->pfs_lockowner) { tsleep(&pfs->pfs_lockowner, PRIBIO, "pfslck", 0); |