From e16ed081263cabd1846602e616fe437325642cc6 Mon Sep 17 00:00:00 2001 From: Joerg Wunsch Date: Wed, 25 Jun 1997 07:31:47 +0000 Subject: [PATCH] Don't ever allow lowering the securelevel at all. Allowing it does nothing good except of opening a can of (potential or real) security holes. People maintaining a machine with higher security requirements need to be on the console anyway, so there's no point in not forcing them to reboot before starting maintenance. Agreed by: hackers, guido --- sys/kern/kern_mib.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/kern/kern_mib.c b/sys/kern/kern_mib.c index 8105aa495de6..42e2652d78d3 100644 --- a/sys/kern/kern_mib.c +++ b/sys/kern/kern_mib.c @@ -37,7 +37,7 @@ * SUCH DAMAGE. * * @(#)kern_sysctl.c 8.4 (Berkeley) 4/14/94 - * $Id: kern_mib.c,v 1.7 1997/03/03 12:58:19 bde Exp $ + * $Id: kern_mib.c,v 1.8 1997/03/04 18:31:54 bde Exp $ */ #include @@ -123,7 +123,7 @@ sysctl_kern_securelvl SYSCTL_HANDLER_ARGS error = sysctl_handle_int(oidp, &level, 0, req); if (error || !req->newptr) return (error); - if (level < securelevel && req->p->p_pid != 1) + if (level < securelevel) return (EPERM); securelevel = level; return (error);