d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add back securelevel check for disks.

Browse Source 
XXX: This should live in geom_dev.c but we don't have access to the
cred there.
XXX: XXX:  This may not matter anymore since filesystems use geom_vfs.
This commit is contained in:
Poul-Henning Kamp 2004-11-04 09:17:55 +00:00
parent 40c340aa5d
commit ecc14aae12
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
sys/fs/devfs/devfs_vnops.c
View File

@ -710,6 +710,18 @@ devfs_open(ap)
if (dev->si_iosize_max == 0)
dev->si_iosize_max = DFLTPHYS;
if (vn_isdisk(vp, NULL) &&
ap->a_cred != FSCRED && (ap->a_mode & FWRITE)) {
/*
* When running in very secure mode, do not allow
* opens for writing of any disks.
* XXX: should be in geom_dev.c, but we lack the cred there.
*/
error = securelevel_ge(td->td_ucred, 2);
if (error)
return (error);
}
dsw = dev_refthread(dev);
if (dsw == NULL)
return (ENXIO);