In sysctl, req->td is believed always to be non-NULL, so there's no need

to test req->td for NULL values and then do somewhat more bizarre things
relating to securelevel special-casing and suser checks.  Remove the
testing and conditional security checks based on req->td!=NULL, and insert
a KASSERT that td != NULL.  Callers to sysctl must always specify the
thread (be it kernel or otherwise) requesting the operation, or a
number of current sysctls will fail due to assumptions that the thread
exists.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
Discussed with:	bde
Robert Watson 2002-03-22 14:58:27 +00:00
parent 363a07cc69
commit 7906271f25


@ -1067,32 +1067,26 @@ sysctl_root(SYSCTL_HANDLER_ARGS)
if (req->newptr && !(oid->oid_kind & CTLFLAG_WR))
return (EPERM);
KASSERT(req->td != NULL, ("sysctl_root(): req->td == NULL"));
/* Is this sysctl sensitive to securelevels? */
if (req->newptr && (oid->oid_kind & CTLFLAG_SECURE)) {
if (req->td == NULL) {
error = securelevel_gt(NULL, 0); /* XXX */
if (error)
return (error);
} else {
error = securelevel_gt(req->td->td_ucred, 0);
if (error)
return (error);
}
error = securelevel_gt(req->td->td_ucred, 0);
if (error)
return (error);
}
/* Is this sysctl writable by only privileged users? */
if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) {
if (req->td != NULL) {
int flags;
int flags;
if (oid->oid_kind & CTLFLAG_PRISON)
flags = PRISON_ROOT;
else
flags = 0;
error = suser_xxx(NULL, req->td->td_proc, flags);
if (error)
return (error);
}
if (oid->oid_kind & CTLFLAG_PRISON)
flags = PRISON_ROOT;
else
flags = 0;
error = suser_xxx(NULL, req->td->td_proc, flags);
if (error)
return (error);
}
if (!oid->oid_handler)
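Review bot: Both privilege checks now dereference `req->td` unconditionally (`req->td->td_ucred` for the securelevel test, `req->td->td_proc` for `suser_xxx`), and the only guard is the added `KASSERT`, which is compiled in only on kernels built with INVARIANTS. On a production kernel a caller that still passes a NULL thread would fault inside the privilege check instead of being refused, and the commit message itself says the non-NULL property is only believed to hold. A fail-closed runtime check right after the assertion would cover that case, e.g. `if (req->td == NULL) return (EINVAL);`. sysctl_root's body starts and ends outside the hunk, so its callers and the rest of the function could not be checked from here.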