mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-14 10:09:48 +00:00
Add a generic flag, CTLFLAG_SECURE, which can be used to mark a sysctl
variable unwriteable when securelevel > 0. Reviewed by: jdp, eivind
This commit is contained in:
parent
9983067ebe
commit
2b648ac0a1
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=41728
@ -37,7 +37,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* @(#)kern_sysctl.c 8.4 (Berkeley) 4/14/94
|
||||
* $Id: kern_sysctl.c,v 1.78 1998/10/16 03:55:00 peter Exp $
|
||||
* $Id: kern_sysctl.c,v 1.79 1998/12/04 22:54:51 archie Exp $
|
||||
*/
|
||||
|
||||
#include "opt_compat.h"
|
||||
@ -804,7 +804,8 @@ sysctl_root SYSCTL_HANDLER_ARGS
|
||||
return ENOENT;
|
||||
found:
|
||||
/* If writing isn't allowed */
|
||||
if (req->newptr && !((*oidpp)->oid_kind & CTLFLAG_WR))
|
||||
if (req->newptr && (!((*oidpp)->oid_kind & CTLFLAG_WR) ||
|
||||
(((*oidpp)->oid_kind & CTLFLAG_SECURE) && securelevel > 0)))
|
||||
return (EPERM);
|
||||
|
||||
/* Most likely only root can write */
|
||||
|
@ -34,7 +34,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* @(#)sysctl.h 8.1 (Berkeley) 6/2/93
|
||||
* $Id: sysctl.h,v 1.64 1998/09/05 14:13:35 bde Exp $
|
||||
* $Id: sysctl.h,v 1.65 1998/09/05 17:13:28 bde Exp $
|
||||
*/
|
||||
|
||||
#ifndef _SYS_SYSCTL_H_
|
||||
@ -78,6 +78,7 @@ struct ctlname {
|
||||
#define CTLFLAG_RW (CTLFLAG_RD|CTLFLAG_WR)
|
||||
#define CTLFLAG_NOLOCK 0x20000000 /* XXX Don't Lock */
|
||||
#define CTLFLAG_ANYBODY 0x10000000 /* All users can set this var */
|
||||
#define CTLFLAG_SECURE 0x08000000 /* Permit set only if securelevel<=0 */
|
||||
|
||||
/*
|
||||
* USE THIS instead of a hardwired number from the categories below
|
||||
|
Loading…
Reference in New Issue
Block a user