-rw-r--r--sys/kern/kern_mib.c24
-rw-r--r--sys/kern/kern_prot.c2
-rw-r--r--sys/sys/systm.h1
3 files changed, 27 insertions, 0 deletions
diff --git a/sys/kern/kern_mib.c b/sys/kern/kern_mib.c
index 35c70fb..bc480c3 100644
--- a/sys/kern/kern_mib.c
+++ b/sys/kern/kern_mib.c
@@ -182,6 +182,30 @@ sysctl_kern_securelvl SYSCTL_HANDLER_ARGS
SYSCTL_PROC(_kern, KERN_SECURELVL, securelevel, CTLTYPE_INT|CTLFLAG_RW,
0, 0, sysctl_kern_securelvl, "I", "Current secure level");
+int suser_permitted = 1;
+
+static int
+sysctl_kern_suser_permitted SYSCTL_HANDLER_ARGS
+{
+ int error, flag;
+
+ flag = suser_permitted;
+
+ error = sysctl_handle_int(oidp, &flag, 0, req);
+ if (error || !req->newptr)
+ return (error);
+ if (flag != 0 && flag != 1)
+ return(EPERM);
+ if (!suser_permitted)
+ return(EPERM);
+ suser_permitted = flag;
+ return (0);
+}
+
+SYSCTL_PROC(_kern, OID_AUTO, suser_permitted,
+ CTLTYPE_INT|CTLFLAG_RW, 0, 0, sysctl_kern_suser_permitted, "I",
+ "processes with uid 0 have privilege");
+
char domainname[MAXHOSTNAMELEN];
SYSCTL_STRING(_kern, KERN_NISDOMAINNAME, domainname, CTLFLAG_RW,
&domainname, sizeof(domainname), "Name of the current YP/NIS domain");
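Review bot: In sysctl_kern_suser_permitted the range check `if (flag != 0 && flag != 1)` returns `EPERM`, the same code the latch test below it uses, so a caller cannot tell a malformed value from a refused re-enable; `return (EINVAL);` fits the range check better. The handler is also a one-way switch: once `suser_permitted` is 0, the `if (!suser_permitted)` test rejects every later write, and since the only initialiser is `= 1` the value presumably stays cleared until the next boot. Neither the code nor the description string says so. I would add a comment above the handler such as `/* One-way: once cleared, suser_permitted cannot be set back to 1. */` so an operator does not clear it expecting to restore it.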
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 3be52c8..9194e55 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -950,6 +950,8 @@ suser_xxx(cred, proc, flag)
struct proc *proc;
int flag;
{
+ if (!suser_permitted)
+ return (EPERM);
if (!cred && !proc) {
printf("suser_xxx(): THINK!\n");
return (EPERM);
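Review bot: The added `if (!suser_permitted)` test sits ahead of the `!cred && !proc` sanity check, so with the knob cleared a caller that passes neither argument gets `EPERM` without the `THINK!` diagnostic; placing the two new lines after that block would keep the misuse report. The test also carries no comment, and something like `/* Global switch: when cleared, no credential is treated as superuser. */` would explain why it precedes all credential inspection. The gate covers only code that asks suser_xxx(); any path that compares a uid with 0 directly would presumably not see it, which is worth auditing before relying on this as a hardening control. The body of suser_xxx continues outside the hunk.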
diff --git a/sys/sys/systm.h b/sys/sys/systm.h
index 3f900a8..059fd89 100644
--- a/sys/sys/systm.h
+++ b/sys/sys/systm.h
@@ -47,6 +47,7 @@
#include <sys/callout.h>
extern int securelevel; /* system security level (see init(8)) */
+extern int suser_permitted; /* suser_xxx() is permitted to return 0 */
extern int cold; /* nonzero if we are doing a cold boot */
extern const char *panicstr; /* panic message */