Don't ever allow lowering the securelevel at all. Allowing it does

nothing good except of opening a can of (potential or real) security
holes.  People maintaining a machine with higher security requirements
need to be on the console anyway, so there's no point in not forcing
them to reboot before starting maintenance.

Agreed by:	hackers, guido
This commit is contained in:
joerg 1997-06-25 07:31:47 +00:00
parent a7f2d3da85
commit ab6f1bf5ca

View File

@ -37,7 +37,7 @@
* SUCH DAMAGE.
*
* @(#)kern_sysctl.c 8.4 (Berkeley) 4/14/94
* $Id: kern_mib.c,v 1.7 1997/03/03 12:58:19 bde Exp $
* $Id: kern_mib.c,v 1.8 1997/03/04 18:31:54 bde Exp $
*/
#include <sys/param.h>
@ -123,7 +123,7 @@ sysctl_kern_securelvl SYSCTL_HANDLER_ARGS
error = sysctl_handle_int(oidp, &level, 0, req);
if (error || !req->newptr)
return (error);
if (level < securelevel && req->p->p_pid != 1)
if (level < securelevel)
return (EPERM);
securelevel = level;
return (error);