summaryrefslogtreecommitdiffstats
path: root/sys/kern
diff options
context:
space:
mode:
Diffstat (limited to 'sys/kern')
-rw-r--r--sys/kern/kern_mib.c24
-rw-r--r--sys/kern/kern_prot.c2
2 files changed, 26 insertions, 0 deletions
diff --git a/sys/kern/kern_mib.c b/sys/kern/kern_mib.c
index 35c70fb..bc480c3 100644
--- a/sys/kern/kern_mib.c
+++ b/sys/kern/kern_mib.c
@@ -182,6 +182,30 @@ sysctl_kern_securelvl SYSCTL_HANDLER_ARGS
SYSCTL_PROC(_kern, KERN_SECURELVL, securelevel, CTLTYPE_INT|CTLFLAG_RW,
0, 0, sysctl_kern_securelvl, "I", "Current secure level");
+int suser_permitted = 1;
+
+static int
+sysctl_kern_suser_permitted SYSCTL_HANDLER_ARGS
+{
+ int error, flag;
+
+ flag = suser_permitted;
+
+ error = sysctl_handle_int(oidp, &flag, 0, req);
+ if (error || !req->newptr)
+ return (error);
+ if (flag != 0 && flag != 1)
+ return(EPERM);
+ if (!suser_permitted)
+ return(EPERM);
+ suser_permitted = flag;
+ return (0);
+}
+
+SYSCTL_PROC(_kern, OID_AUTO, suser_permitted,
+ CTLTYPE_INT|CTLFLAG_RW, 0, 0, sysctl_kern_suser_permitted, "I",
+ "processes with uid 0 have privilege");
+
char domainname[MAXHOSTNAMELEN];
SYSCTL_STRING(_kern, KERN_NISDOMAINNAME, domainname, CTLFLAG_RW,
&domainname, sizeof(domainname), "Name of the current YP/NIS domain");
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 3be52c8..9194e55 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -950,6 +950,8 @@ suser_xxx(cred, proc, flag)
struct proc *proc;
int flag;
{
+ if (!suser_permitted)
+ return (EPERM);
if (!cred && !proc) {
printf("suser_xxx(): THINK!\n");
return (EPERM);
OpenPOWER on IntegriCloud