From 793295a94d96fd8954918d322646bb6dd2219c2d Mon Sep 17 00:00:00 2001
From: alex <alex@FreeBSD.org>
Date: Sat, 21 Jun 1997 16:09:49 +0000
Subject: Block all write operations to /proc/1/* when securelevel > 0. The
 additional check in procfs_ctl.c could be backed out, but I'm leaving it in
 for good measure.

Reviewed by:	Theo de Raadt <deraadt@OpenBSD.org>
---
 sys/miscfs/procfs/procfs_subr.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'sys/miscfs/procfs/procfs_subr.c')

diff --git a/sys/miscfs/procfs/procfs_subr.c b/sys/miscfs/procfs/procfs_subr.c
index 8c5224b..072331c 100644
--- a/sys/miscfs/procfs/procfs_subr.c
+++ b/sys/miscfs/procfs/procfs_subr.c
@@ -36,7 +36,7 @@
  *
  *	@(#)procfs_subr.c	8.6 (Berkeley) 5/14/95
  *
- *	$Id: procfs_subr.c,v 1.13 1997/02/22 09:40:30 peter Exp $
+ *	$Id: procfs_subr.c,v 1.14 1997/03/08 16:06:34 bde Exp $
  */
 
 #include <sys/param.h>
@@ -242,6 +242,8 @@ procfs_rw(ap)
 	p = PFIND(pfs->pfs_pid);
 	if (p == 0)
 		return (EINVAL);
+	if (p->p_pid == 1 && securelevel > 0 && uio->uio_rw == UIO_WRITE)
+		return(EACCES);
 
 	while (pfs->pfs_lockowner) {
 		tsleep(&pfs->pfs_lockowner, PRIBIO, "pfslck", 0);
-- 
cgit v1.1