diff options
author | Robert Watson <rwatson@FreeBSD.org> | 2002-03-22 14:58:27 +0000 |
---|---|---|
committer | Robert Watson <rwatson@FreeBSD.org> | 2002-03-22 14:58:27 +0000 |
commit | 7906271f25e7b8823ab5b30dba9bf6d1ef03e2c1 (patch) | |
tree | acb0c4bbf58571fe7bdcb5cef51feb6a290fc7ce /sys/kern/kern_sysctl.c | |
parent | 363a07cc69e45eb720f94def5c77ae6cefe6a616 (diff) | |
download | src-7906271f25e7b8823ab5b30dba9bf6d1ef03e2c1.tar.gz src-7906271f25e7b8823ab5b30dba9bf6d1ef03e2c1.zip |
In sysctl, req->td is believed always to be non-NULL, so there's no need
to test req->td for NULL values and then do somewhat more bizarre things
relating to securelevel special-casing and suser checks. Remove the
testing and conditional security checks based on req->td!=NULL, and insert
a KASSERT that td != NULL. Callers to sysctl must always specify the
thread (be it kernel or otherwise) requesting the operation, or a
number of current sysctls will fail due to assumptions that the thread
exists.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Discussed with: bde
Notes
Notes:
svn path=/head/; revision=92953
Diffstat (limited to 'sys/kern/kern_sysctl.c')
-rw-r--r-- | sys/kern/kern_sysctl.c | 34 |
1 files changed, 14 insertions, 20 deletions
diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c index 2b725ee4423e..9942ca141e30 100644 --- a/sys/kern/kern_sysctl.c +++ b/sys/kern/kern_sysctl.c @@ -1067,32 +1067,26 @@ sysctl_root(SYSCTL_HANDLER_ARGS) if (req->newptr && !(oid->oid_kind & CTLFLAG_WR)) return (EPERM); + KASSERT(req->td != NULL, ("sysctl_root(): req->td == NULL")); + /* Is this sysctl sensitive to securelevels? */ if (req->newptr && (oid->oid_kind & CTLFLAG_SECURE)) { - if (req->td == NULL) { - error = securelevel_gt(NULL, 0); /* XXX */ - if (error) - return (error); - } else { - error = securelevel_gt(req->td->td_ucred, 0); - if (error) - return (error); - } + error = securelevel_gt(req->td->td_ucred, 0); + if (error) + return (error); } /* Is this sysctl writable by only privileged users? */ if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) { - if (req->td != NULL) { - int flags; - - if (oid->oid_kind & CTLFLAG_PRISON) - flags = PRISON_ROOT; - else - flags = 0; - error = suser_xxx(NULL, req->td->td_proc, flags); - if (error) - return (error); - } + int flags; + + if (oid->oid_kind & CTLFLAG_PRISON) + flags = PRISON_ROOT; + else + flags = 0; + error = suser_xxx(NULL, req->td->td_proc, flags); + if (error) + return (error); } if (!oid->oid_handler) |