1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-14 10:09:48 +00:00

Add a generic flag, CTLFLAG_SECURE, which can be used to mark a sysctl

variable unwriteable when securelevel > 0.
Reviewed by: jdp, eivind
This commit is contained in:
Don Lewis 1998-12-13 07:19:13 +00:00
parent 9983067ebe
commit 2b648ac0a1
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=41728
2 changed files with 5 additions and 3 deletions

View File

@ -37,7 +37,7 @@
* SUCH DAMAGE.
*
* @(#)kern_sysctl.c 8.4 (Berkeley) 4/14/94
* $Id: kern_sysctl.c,v 1.78 1998/10/16 03:55:00 peter Exp $
* $Id: kern_sysctl.c,v 1.79 1998/12/04 22:54:51 archie Exp $
*/
#include "opt_compat.h"
@ -804,7 +804,8 @@ sysctl_root SYSCTL_HANDLER_ARGS
return ENOENT;
found:
/* If writing isn't allowed */
if (req->newptr && !((*oidpp)->oid_kind & CTLFLAG_WR))
if (req->newptr && (!((*oidpp)->oid_kind & CTLFLAG_WR) ||
(((*oidpp)->oid_kind & CTLFLAG_SECURE) && securelevel > 0)))
return (EPERM);
/* Most likely only root can write */

View File

@ -34,7 +34,7 @@
* SUCH DAMAGE.
*
* @(#)sysctl.h 8.1 (Berkeley) 6/2/93
* $Id: sysctl.h,v 1.64 1998/09/05 14:13:35 bde Exp $
* $Id: sysctl.h,v 1.65 1998/09/05 17:13:28 bde Exp $
*/
#ifndef _SYS_SYSCTL_H_
@ -78,6 +78,7 @@ struct ctlname {
#define CTLFLAG_RW (CTLFLAG_RD|CTLFLAG_WR)
#define CTLFLAG_NOLOCK 0x20000000 /* XXX Don't Lock */
#define CTLFLAG_ANYBODY 0x10000000 /* All users can set this var */
#define CTLFLAG_SECURE 0x08000000 /* Permit set only if securelevel<=0 */
/*
* USE THIS instead of a hardwired number from the categories below