Add a generic flag, CTLFLAG_SECURE, which can be used to mark a sysctl

variable unwriteable when securelevel > 0. Reviewed by: jdp, eivind
svn path=/head/; revision=41728
2024-11-05 18:22:52 +00:00 · 1998-12-13 07:19:13 +00:00 · 1998-12-13 07:19:13 +00:00 · 2b648ac0a1 · 2020-12-20 02:59:44 +00:00
commit 2b648ac0a1
parent 9983067ebe
2 changed files with 5 additions and 3 deletions
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@ -37,7 +37,7 @@
 * SUCH DAMAGE.
 *
 *	@(#)kern_sysctl.c	8.4 (Berkeley) 4/14/94
- * $Id: kern_sysctl.c,v 1.78 1998/10/16 03:55:00 peter Exp $
+ * $Id: kern_sysctl.c,v 1.79 1998/12/04 22:54:51 archie Exp $
 */

 #include "opt_compat.h"
@ -804,7 +804,8 @@ sysctl_root SYSCTL_HANDLER_ARGS
 	return ENOENT;
 found:
 	/* If writing isn't allowed */
-	if (req->newptr && !((*oidpp)->oid_kind & CTLFLAG_WR))
+	if (req->newptr && (!((*oidpp)->oid_kind & CTLFLAG_WR) ||
+	    (((*oidpp)->oid_kind & CTLFLAG_SECURE) && securelevel > 0)))
 		return (EPERM);

 	/* Most likely only root can write */
--- a/sys/sys/sysctl.h
+++ b/sys/sys/sysctl.h
@ -34,7 +34,7 @@
 * SUCH DAMAGE.
 *
 *	@(#)sysctl.h	8.1 (Berkeley) 6/2/93
- * $Id: sysctl.h,v 1.64 1998/09/05 14:13:35 bde Exp $
+ * $Id: sysctl.h,v 1.65 1998/09/05 17:13:28 bde Exp $
 */

 #ifndef _SYS_SYSCTL_H_
@ -78,6 +78,7 @@ struct ctlname {
 #define CTLFLAG_RW	(CTLFLAG_RD|CTLFLAG_WR)
 #define CTLFLAG_NOLOCK	0x20000000	/* XXX Don't Lock */
 #define CTLFLAG_ANYBODY	0x10000000	/* All users can set this var */
+#define CTLFLAG_SECURE	0x08000000	/* Permit set only if securelevel<=0 */

 /*
 * USE THIS instead of a hardwired number from the categories below