-rw-r--r--sys/kern/kern_linker.c16
-rw-r--r--sys/kern/vfs_extattr.c5
-rw-r--r--sys/kern/vfs_syscalls.c5
3 files changed, 20 insertions, 6 deletions
diff --git a/sys/kern/kern_linker.c b/sys/kern/kern_linker.c
index 192877c..9d644d2 100644
--- a/sys/kern/kern_linker.c
+++ b/sys/kern/kern_linker.c
@@ -698,11 +698,13 @@ kldload(struct thread *td, struct kldload_args *uap)
td->td_retval[0] = -1;
- if (securelevel > 0) /* redundant, but that's OK */
- return (EPERM);
-
mtx_lock(&Giant);
+ if (securelevel_gt(td->td_ucred, 0) == 0) {
+ error = EPERM;
+ goto out;
+ }
+
if ((error = suser_xxx(td->td_ucred, NULL, 0)) != 0)
goto out;
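Review bot: The guard added to kldload returns EPERM when `securelevel_gt(td->td_ucred, 0) == 0`, which looks inverted against the removed `securelevel > 0` test. securelevel_gt is not defined on this page, but the vfs_mount hunks assign its result to `error`, which suggests it returns 0 when the operation is permitted and an errno when the active securelevel exceeds the level passed; if that holds, module loading is refused at securelevel 0 and below and allowed once the securelevel is raised. The guard would then read `if ((error = securelevel_gt(td->td_ucred, 0)) != 0)` followed by `goto out;`. The same condition appears in the kldunload hunk and, as `if (error == 0)`, in the vfs_mount hunks of vfs_extattr.c and vfs_syscalls.c. The bodies of kldload and kldunload continue outside their hunks, so the `out:` path is not visible here.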
@@ -745,11 +747,13 @@ kldunload(struct thread *td, struct kldunload_args *uap)
linker_file_t lf;
int error = 0;
- if (securelevel > 0) /* redundant, but that's OK */
- return (EPERM);
-
mtx_lock(&Giant);
+ if (securelevel_gt(td->td_ucred, 0) == 0) {
+ error = EPERM;
+ goto out;
+ }
+
if ((error = suser_xxx(td->td_ucred, NULL, 0)) != 0)
goto out;
diff --git a/sys/kern/vfs_extattr.c b/sys/kern/vfs_extattr.c
index 915e26a..8247f8d 100644
--- a/sys/kern/vfs_extattr.c
+++ b/sys/kern/vfs_extattr.c
@@ -307,6 +307,11 @@ vfs_mount(td, fstype, fspath, fsflags, fsdata)
vput(vp);
return error;
}
+ error = securelevel_gt(td->td_ucred, 0);
+ if (error == 0) {
+ vput(vp);
+ return (EPERM);
+ }
error = linker_load_file(fstype, &lf);
if (error || lf == NULL) {
vput(vp);
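Review bot: The securelevel check added before `linker_load_file(fstype, &lf)` has no comment saying why a mount consults the securelevel, so a reader of vfs_mount alone will not connect it to module loading. A one-line comment above it would do, for example `/* Loading a filesystem module on demand must obey the same securelevel restriction as kldload(). */`. The identical hunk in vfs_syscalls.c needs the same comment. vfs_mount starts and ends outside the hunk, so whether other paths reach linker_load_file cannot be judged from here.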
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 915e26a..8247f8d 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -307,6 +307,11 @@ vfs_mount(td, fstype, fspath, fsflags, fsdata)
vput(vp);
return error;
}
+ error = securelevel_gt(td->td_ucred, 0);
+ if (error == 0) {
+ vput(vp);
+ return (EPERM);
+ }
error = linker_load_file(fstype, &lf);
if (error || lf == NULL) {
vput(vp);