-rw-r--r-- | sys/kern/kern_mib.c | 24 | ||||
-rw-r--r-- | sys/kern/kern_prot.c | 2 | ||||
-rw-r--r-- | sys/sys/systm.h | 1 |
3 files changed, 27 insertions, 0 deletions
diff --git a/sys/kern/kern_mib.c b/sys/kern/kern_mib.c
index 35c70fb..bc480c3 100644
--- a/sys/kern/kern_mib.c
+++ b/sys/kern/kern_mib.c
@@ -182,6 +182,30 @@ sysctl_kern_securelvl SYSCTL_HANDLER_ARGS
 SYSCTL_PROC(_kern, KERN_SECURELVL, securelevel, CTLTYPE_INT|CTLFLAG_RW, 0, 0, sysctl_kern_securelvl, "I", "Current secure level");
+int suser_permitted = 1;
+
+static int
+sysctl_kern_suser_permitted SYSCTL_HANDLER_ARGS
+{
+ int error, flag;
+
+ flag = suser_permitted;
+
+ error = sysctl_handle_int(oidp, &flag, 0, req);
+ if (error || !req->newptr)
+ return (error);
+ if (flag != 0 && flag != 1)
+ return(EPERM);
+ if (!suser_permitted)
+ return(EPERM);
+ suser_permitted = flag;
+ return (0);
+}
+
+SYSCTL_PROC(_kern, OID_AUTO, suser_permitted,
+ CTLTYPE_INT|CTLFLAG_RW, 0, 0, sysctl_kern_suser_permitted, "I",
+ "processes with uid 0 have privilege");
+
 char domainname[MAXHOSTNAMELEN];
 SYSCTL_STRING(_kern, KERN_NISDOMAINNAME, domainname, CTLFLAG_RW, &domainname, sizeof(domainname), "Name of the current YP/NIS domain");
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 3be52c8..9194e55 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -950,6 +950,8 @@ suser_xxx(cred, proc, flag)
 struct proc *proc;
 int flag;
 {
+ if (!suser_permitted)
+ return (EPERM);
 if (!cred && !proc) {
 printf("suser_xxx(): THINK!\n");
 return (EPERM);
diff --git a/sys/sys/systm.h b/sys/sys/systm.h
index 3f900a8..059fd89 100644
--- a/sys/sys/systm.h
+++ b/sys/sys/systm.h
@@ -47,6 +47,7 @@
 #include <sys/callout.h>
 extern int securelevel; /* system security level (see init(8)) */
+extern int suser_permitted; /* suser_xxx() is permitted to return 0 */
 extern int cold; /* nonzero if we are doing a cold boot */
 extern const char *panicstr; /* panic message */
|
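Review bot: The one-way behaviour of sysctl_kern_suser_permitted() is undocumented: once `suser_permitted` is 0, the `if (!suser_permitted) return(EPERM);` check refuses every later write, so the value cannot be set back to 1 through this handler. Neither the code nor the description string "processes with uid 0 have privilege" tells an administrator that. A comment above the function such as `/* One-way switch: may be cleared, but once 0 it cannot be set again via sysctl. */` would record it, and the description string could mention it too. The range check also returns EPERM for a value other than 0 or 1, which makes a malformed request indistinguishable from the switch refusing; `return (EINVAL);` fits that branch better. Write access is presumably gated by the generic sysctl privilege check, since CTLFLAG_ANYBODY is not set, but that code is outside this diff and worth confirming.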
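Review bot: The early `return (EPERM)` added at the top of suser_xxx() only affects code that asks for privilege through this function, so any kernel path that compares `cr_uid` with 0 directly (none is visible in this diff, so this needs an audit) would still treat uid 0 as privileged after the sysctl is cleared. That makes the description "processes with uid 0 have privilege" in kern_mib.c read as a stronger guarantee than this hunk alone provides. The check also applies to every caller without distinction, so kernel-internal callers running with uid 0 credentials would presumably start receiving EPERM as well. A comment on the new lines, e.g. `/* kern.suser_permitted == 0: deny every privilege request, uid 0 included */`, would state the intent. The body of suser_xxx() starts before and continues past the hunk.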