summaryrefslogtreecommitdiffstats
path: root/sys/kern
diff options
context:
space:
mode:
Diffstat (limited to 'sys/kern')
-rw-r--r--sys/kern/subr_prf.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/sys/kern/subr_prf.c b/sys/kern/subr_prf.c
index 5e2d310..fcb2dd5 100644
--- a/sys/kern/subr_prf.c
+++ b/sys/kern/subr_prf.c
@@ -819,12 +819,25 @@ msgbufinit(void *ptr, size_t size)
oldp = msgbufp;
}
+SYSCTL_DECL(_kern_security_bsd);
+
+static int unprivileged_read_msgbuf = 1;
+SYSCTL_INT(_kern_security_bsd, OID_AUTO, unprivileged_read_msgbuf,
+ CTLFLAG_RW, &unprivileged_read_msgbuf, 0,
+ "Unprivileged processes may read the kernel message buffer");
+
/* Sysctls for accessing/clearing the msgbuf */
static int
sysctl_kern_msgbuf(SYSCTL_HANDLER_ARGS)
{
int error;
+ if (!unprivileged_read_msgbuf) {
+ error = suser_td(req->td);
+ if (error)
+ return (error);
+ }
+
/*
* Unwind the buffer, so that it's linear (possibly starting with
* some initial nulls).
OpenPOWER on IntegriCloud