Don't ever allow lowering the securelevel at all. Allowing it does

nothing good except of opening a can of (potential or real) security holes. People maintaining a machine with higher security requirements need to be on the console anyway, so there's no point in not forcing them to reboot before starting maintenance. Agreed by: hackers, guido
svn path=/head/; revision=26923
1997-06-25 07:31:47 +00:00 · 1997-06-25 07:31:47 +00:00 · e16ed08126 · 2020-12-20 02:59:44 +00:00
commit e16ed08126
parent f8a42d82e9
1 changed files with 2 additions and 2 deletions
--- a/sys/kern/kern_mib.c
+++ b/sys/kern/kern_mib.c
@ -37,7 +37,7 @@
 * SUCH DAMAGE.
 *
 *	@(#)kern_sysctl.c	8.4 (Berkeley) 4/14/94
- * $Id: kern_mib.c,v 1.7 1997/03/03 12:58:19 bde Exp $
+ * $Id: kern_mib.c,v 1.8 1997/03/04 18:31:54 bde Exp $
 */

 #include <sys/param.h>
@ -123,7 +123,7 @@ sysctl_kern_securelvl SYSCTL_HANDLER_ARGS
 		error = sysctl_handle_int(oidp, &level, 0, req);
 		if (error || !req->newptr)
 			return (error);
-		if (level < securelevel && req->p->p_pid != 1)
+		if (level < securelevel)
 			return (EPERM);
 		securelevel = level;
 		return (error);