mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2025-01-11 17:04:19 +01:00
Block all write operations to /proc/1/* when securelevel > 0.
The additional check in procfs_ctl.c could be backed out, but I'm leaving it in for good measure. Reviewed by: Theo de Raadt <deraadt@OpenBSD.org>
This commit is contained in:
parent
35510945b7
commit
8a77722ad7
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=26769
@ -36,7 +36,7 @@
|
||||
*
|
||||
* @(#)procfs_subr.c 8.6 (Berkeley) 5/14/95
|
||||
*
|
||||
* $Id: procfs_subr.c,v 1.13 1997/02/22 09:40:30 peter Exp $
|
||||
* $Id: procfs_subr.c,v 1.14 1997/03/08 16:06:34 bde Exp $
|
||||
*/
|
||||
|
||||
#include <sys/param.h>
|
||||
@ -242,6 +242,8 @@ procfs_rw(ap)
|
||||
p = PFIND(pfs->pfs_pid);
|
||||
if (p == 0)
|
||||
return (EINVAL);
|
||||
if (p->p_pid == 1 && securelevel > 0 && uio->uio_rw == UIO_WRITE)
|
||||
return(EACCES);
|
||||
|
||||
while (pfs->pfs_lockowner) {
|
||||
tsleep(&pfs->pfs_lockowner, PRIBIO, "pfslck", 0);
|
||||
|
@ -36,7 +36,7 @@
|
||||
*
|
||||
* @(#)procfs_subr.c 8.6 (Berkeley) 5/14/95
|
||||
*
|
||||
* $Id: procfs_subr.c,v 1.13 1997/02/22 09:40:30 peter Exp $
|
||||
* $Id: procfs_subr.c,v 1.14 1997/03/08 16:06:34 bde Exp $
|
||||
*/
|
||||
|
||||
#include <sys/param.h>
|
||||
@ -242,6 +242,8 @@ procfs_rw(ap)
|
||||
p = PFIND(pfs->pfs_pid);
|
||||
if (p == 0)
|
||||
return (EINVAL);
|
||||
if (p->p_pid == 1 && securelevel > 0 && uio->uio_rw == UIO_WRITE)
|
||||
return(EACCES);
|
||||
|
||||
while (pfs->pfs_lockowner) {
|
||||
tsleep(&pfs->pfs_lockowner, PRIBIO, "pfslck", 0);
|
||||
|
Loading…
Reference in New Issue
Block a user