diff options
author | Andrew R. Reiter <arr@FreeBSD.org> | 2002-03-20 16:03:42 +0000 |
---|---|---|
committer | Andrew R. Reiter <arr@FreeBSD.org> | 2002-03-20 16:03:42 +0000 |
commit | c457a4403ac325746b9ca7eb2e304c4bb605bbd2 (patch) | |
tree | c03c716985325fecd5970a187442b58a772cb58b /sys/kern/vfs_extattr.c | |
parent | f0f3379ed544327e07c1d56ef38a1fd97c157c7d (diff) | |
download | src-c457a4403ac325746b9ca7eb2e304c4bb605bbd2.tar.gz src-c457a4403ac325746b9ca7eb2e304c4bb605bbd2.zip |
- Change a check of securelevel to securelevel_gt() call in order to help
against users within a jail attempting to load kernel modules.
- Add a check of securelevel_gt() to vfs_mount() in order to chop some
low hanging fruit for the repair of securelevel checking of linking and
unlinking files from within jails. There is more to be done here.
Reviewed by: rwatson
Notes
Notes:
svn path=/head/; revision=92803
Diffstat (limited to 'sys/kern/vfs_extattr.c')
-rw-r--r-- | sys/kern/vfs_extattr.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/kern/vfs_extattr.c b/sys/kern/vfs_extattr.c index 915e26abf593..8247f8df32db 100644 --- a/sys/kern/vfs_extattr.c +++ b/sys/kern/vfs_extattr.c @@ -307,6 +307,11 @@ vfs_mount(td, fstype, fspath, fsflags, fsdata) vput(vp); return error; } + error = securelevel_gt(td->td_ucred, 0); + if (error == 0) { + vput(vp); + return (EPERM); + } error = linker_load_file(fstype, &lf); if (error || lf == NULL) { vput(vp); |