In sysctl, req->td is believed always to be non-NULL, so there's no need
to test req->td for NULL values and then do somewhat more bizarre things relating to securelevel special-casing and suser checks. Remove the testing and conditional security checks based on req->td!=NULL, and insert a KASSERT that td != NULL. Callers to sysctl must always specify the thread (be it kernel or otherwise) requesting the operation, or a number of current sysctls will fail due to assumptions that the thread exists. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs Discussed with: bde
parent
363a07cc69
commit
7906271f25
@ -1067,32 +1067,26 @@ sysctl_root(SYSCTL_HANDLER_ARGS)
|
||||
if (req->newptr && !(oid->oid_kind & CTLFLAG_WR))
|
||||
return (EPERM);
|
||||
|
||||
KASSERT(req->td != NULL, ("sysctl_root(): req->td == NULL"));
|
||||
|
||||
/* Is this sysctl sensitive to securelevels? */
|
||||
if (req->newptr && (oid->oid_kind & CTLFLAG_SECURE)) {
|
||||
if (req->td == NULL) {
|
||||
error = securelevel_gt(NULL, 0); /* XXX */
|
||||
if (error)
|
||||
return (error);
|
||||
} else {
|
||||
error = securelevel_gt(req->td->td_ucred, 0);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
error = securelevel_gt(req->td->td_ucred, 0);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
|
||||
/* Is this sysctl writable by only privileged users? */
|
||||
if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) {
|
||||
if (req->td != NULL) {
|
||||
int flags;
|
||||
int flags;
|
||||
|
||||
if (oid->oid_kind & CTLFLAG_PRISON)
|
||||
flags = PRISON_ROOT;
|
||||
else
|
||||
flags = 0;
|
||||
error = suser_xxx(NULL, req->td->td_proc, flags);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
if (oid->oid_kind & CTLFLAG_PRISON)
|
||||
flags = PRISON_ROOT;
|
||||
else
|
||||
flags = 0;
|
||||
error = suser_xxx(NULL, req->td->td_proc, flags);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
|
||||
if (!oid->oid_handler)
|
||||
|
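Review bot: The added `KASSERT(req->td != NULL, ...)` is the only enforcement of the new non-NULL contract, and KASSERT is compiled in only on INVARIANTS kernels, so on other builds a NULL `req->td` is first noticed when the securelevel_gt() or suser_xxx() call dereferences it on a write request. That fails by faulting rather than by skipping the check, which is the safer direction compared with the removed `if (req->td != NULL)` guard that let a NULL thread bypass suser_xxx(), but the assertion deserves a comment such as `/* req->td is dereferenced unconditionally by the securelevel and privilege checks below; every caller must supply a thread. */`. If a fault on a production kernel is not acceptable, an explicit `if (req->td == NULL) return (EINVAL);` after the KASSERT would fail closed instead. sysctl_root's body starts and ends outside the hunk, so whether the handler invoked later also relies on req->td cannot be confirmed from here.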