Move the securelevel check before loading KLD's into linker_load_file(),

instead of requiring every caller of linker_load_file() to perform the
check itself. This avoids netgraph loading KLD's when securelevel > 0,
not to mention any future code that may call linker_load_file().

Reviewed by:	dfr
This commit is contained in:
Archie Cobbs 2000-06-29 17:57:04 +00:00
parent 849c64f5ff
commit 6c66bbed1a
3 changed files with 10 additions and 12 deletions

View File

@ -301,6 +301,10 @@ linker_load_file(const char* filename, linker_file_t* result)
linker_file_t lf;
int foundfile, error = 0;
/* Refuse to load modules if securelevel raised */
if (securelevel > 0)
return EPERM;
lf = linker_find_file_by_name(filename);
if (lf) {
KLD_DPF(FILE, ("linker_load_file: file %s is already loaded, incrementing refs\n", filename));
@ -425,6 +429,10 @@ linker_file_unload(linker_file_t file)
int error = 0;
int i;
/* Refuse to unload modules if securelevel raised */
if (securelevel > 0)
return EPERM;
KLD_DPF(FILE, ("linker_file_unload: lf->refs=%d\n", file->refs));
lockmgr(&lock, LK_EXCLUSIVE, 0, curproc);
if (file->refs == 1) {
@ -678,7 +686,7 @@ kldload(struct proc* p, struct kldload_args* uap)
p->p_retval[0] = -1;
if (securelevel > 0)
if (securelevel > 0) /* redundant, but that's OK */
return EPERM;
if ((error = suser(p)) != 0)
@ -721,7 +729,7 @@ kldunload(struct proc* p, struct kldunload_args* uap)
linker_file_t lf;
int error = 0;
if (securelevel > 0)
if (securelevel > 0) /* redundant, but that's OK */
return EPERM;
if ((error = suser(p)) != 0)

View File

@ -225,11 +225,6 @@ mount(p, uap)
if (vfsp == NULL) {
linker_file_t lf;
/* Refuse to load modules if securelevel raised */
if (securelevel > 0) {
vput(vp);
return EPERM;
}
/* Only load modules for root (very important!) */
if ((error = suser(p)) != 0) {
vput(vp);

View File

@ -225,11 +225,6 @@ mount(p, uap)
if (vfsp == NULL) {
linker_file_t lf;
/* Refuse to load modules if securelevel raised */
if (securelevel > 0) {
vput(vp);
return EPERM;
}
/* Only load modules for root (very important!) */
if ((error = suser(p)) != 0) {
vput(vp);