Block all write operations to /proc/1/* when securelevel > 0.

The additional check in procfs_ctl.c could be backed out, but I'm leaving it in for good measure. Reviewed by: Theo de Raadt <deraadt@OpenBSD.org>
1997-06-21 16:09:49 +00:00 · 1997-06-21 16:09:49 +00:00 · 793295a94d
commit 793295a94d
parent db73f6494a
2 changed files with 6 additions and 2 deletions
--- a/sys/fs/procfs/procfs_subr.c
+++ b/sys/fs/procfs/procfs_subr.c
@ -36,7 +36,7 @@
 *
 *	@(#)procfs_subr.c	8.6 (Berkeley) 5/14/95
 *
- *	$Id: procfs_subr.c,v 1.13 1997/02/22 09:40:30 peter Exp $
+ *	$Id: procfs_subr.c,v 1.14 1997/03/08 16:06:34 bde Exp $
 */

 #include <sys/param.h>
@ -242,6 +242,8 @@ procfs_rw(ap)
 	p = PFIND(pfs->pfs_pid);
 	if (p == 0)
 		return (EINVAL);
+	if (p->p_pid == 1 && securelevel > 0 && uio->uio_rw == UIO_WRITE)
+		return(EACCES);

 	while (pfs->pfs_lockowner) {
 		tsleep(&pfs->pfs_lockowner, PRIBIO, "pfslck", 0);
--- a/sys/miscfs/procfs/procfs_subr.c
+++ b/sys/miscfs/procfs/procfs_subr.c
@ -36,7 +36,7 @@
 *
 *	@(#)procfs_subr.c	8.6 (Berkeley) 5/14/95
 *
- *	$Id: procfs_subr.c,v 1.13 1997/02/22 09:40:30 peter Exp $
+ *	$Id: procfs_subr.c,v 1.14 1997/03/08 16:06:34 bde Exp $
 */

 #include <sys/param.h>
@ -242,6 +242,8 @@ procfs_rw(ap)
 	p = PFIND(pfs->pfs_pid);
 	if (p == 0)
 		return (EINVAL);
+	if (p->p_pid == 1 && securelevel > 0 && uio->uio_rw == UIO_WRITE)
+		return(EACCES);

 	while (pfs->pfs_lockowner) {
 		tsleep(&pfs->pfs_lockowner, PRIBIO, "pfslck", 0);