summaryrefslogtreecommitdiffstats
path: root/sys/contrib
diff options
context:
space:
mode:
Diffstat (limited to 'sys/contrib')
-rw-r--r--sys/contrib/ipfilter/netinet/ip_fil_freebsd.c6
-rw-r--r--sys/contrib/ipfilter/netinet/ip_nat.c4
2 files changed, 10 insertions, 0 deletions
diff --git a/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c b/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
index fee97c5..3e0e633 100644
--- a/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
+++ b/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
@@ -318,8 +318,10 @@ int iplioctl(dev, cmd, data, mode
# if (__FreeBSD_version >= 500024)
struct thread *p;
# if (__FreeBSD_version >= 500043)
+# define p_cred td_ucred
# define p_uid td_ucred->cr_ruid
# else
+# define p_cred t_proc->p_cred
# define p_uid t_proc->p_cred->p_ruid
# endif
# else
@@ -342,7 +344,11 @@ int mode;
SPL_INT(s);
#if (BSD >= 199306) && defined(_KERNEL)
+# if (__FreeBSD_version >= 500034)
+ if (securelevel_ge(p->p_cred, 3) && (mode & FWRITE))
+# else
if ((securelevel >= 3) && (mode & FWRITE))
+# endif
return EPERM;
#endif
diff --git a/sys/contrib/ipfilter/netinet/ip_nat.c b/sys/contrib/ipfilter/netinet/ip_nat.c
index d6f0b55..f790c7d 100644
--- a/sys/contrib/ipfilter/netinet/ip_nat.c
+++ b/sys/contrib/ipfilter/netinet/ip_nat.c
@@ -662,7 +662,11 @@ void *ctx;
return EPERM;
}
# else
+# if defined(__FreeBSD_version) && (__FreeBSD_version >= 500034)
+ if (securelevel_ge(curthread->td_ucred, 3) && (mode & FWRITE)) {
+# else
if ((securelevel >= 3) && (mode & FWRITE)) {
+# endif
return EPERM;
}
# endif
OpenPOWER on IntegriCloud