Date: Fri, 11 Dec 1998 22:42:25 -0800 (PST)
From: Don Lewis
Message-Id: <199812120642.WAA21633@salsa.gv.tsc.tdk.com>
To: hackers@FreeBSD.ORG
Subject: restricting sysctl -w when securelevel > 0

I want to add some security related sysctl knobs and I don't want them to be changeable when securelevel > 0. Rather than using SYSCTL_PROC and defining several very similar handlers, I think it would be better to add a generic way of limiting write access when securelevel > 0. Comments?

--- kern/kern_sysctl.c.orig Tue Dec 8 20:40:52 1998 +++ kern/kern_sysctl.c Fri Dec 11 22:27:10 1998 
@@ -804,7 +804,8 @@ return ENOENT; found: /* If writing isn't allowed */ - if (req->newptr && !((*oidpp)->oid_kind & CTLFLAG_WR)) + if (req->newptr && (!((*oidpp)->oid_kind & CTLFLAG_WR) || + (((*oidpp)->oid_kind & CTLFLAG_SECURE) && securelevel > 0))) return (EPERM); /* Most likely only root can write */ --- sys/sysctl.h.orig Sat Sep 5 19:23:09 1998 +++ sys/sysctl.h Fri Dec 11 22:24:37 1998 @@ -78,6 +78,7 @@ #define CTLFLAG_RW (CTLFLAG_RD|CTLFLAG_WR) #define CTLFLAG_NOLOCK 0x20000000 /* XXX Don't Lock */ #define CTLFLAG_ANYBODY 0x10000000 /* All users can set this var */ +#define CTLFLAG_SECURE 0x08000000 /* Permit set only if securelevel<=0 */ /* * USE THIS instead of a hardwired number from the categories below
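
Review bot: In the kern/kern_sysctl.c hunk, under the `found:` label, the comment `/* If writing isn't allowed */` now sits over two unrelated reasons for EPERM (oid not writable, and oid locked by securelevel), and the nested condition is hard to audit. Consider splitting the new case into its own test with its own comment, along the lines of `if (req->newptr && ((*oidpp)->oid_kind & CTLFLAG_SECURE) && securelevel > 0) return (EPERM);`. Because this test runs ahead of the "Most likely only root can write" check, it refuses root as well; that is the point of the change, but the comment should say so explicitly so a later reordering does not silently weaken it.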
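
Review bot: In the sys/sysctl.h hunk, the comment on `CTLFLAG_SECURE` does not say that the flag only has an effect in combination with `CTLFLAG_WR`, and the patch includes neither a documentation change nor any oid that sets the flag, so the new path cannot be exercised as posted. Suggest expanding the comment to state the behaviour (writes fail with EPERM when securelevel > 0, for root too) and confirming that 0x08000000 is not already used by another bit in `oid_kind`; only the two neighbouring values, 0x20000000 and 0x10000000, are visible in this context.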