aboutsummaryrefslogtreecommitdiff
path: root/sys/kern/vfs_extattr.c
diff options
context:
space:
mode:
authorAndrew R. Reiter <arr@FreeBSD.org>2002-03-20 16:03:42 +0000
committerAndrew R. Reiter <arr@FreeBSD.org>2002-03-20 16:03:42 +0000
commitc457a4403ac325746b9ca7eb2e304c4bb605bbd2 (patch)
treec03c716985325fecd5970a187442b58a772cb58b /sys/kern/vfs_extattr.c
parentf0f3379ed544327e07c1d56ef38a1fd97c157c7d (diff)
downloadsrc-c457a4403ac325746b9ca7eb2e304c4bb605bbd2.tar.gz
src-c457a4403ac325746b9ca7eb2e304c4bb605bbd2.zip
- Change a check of securelevel to securelevel_gt() call in order to help
against users within a jail attempting to load kernel modules. - Add a check of securelevel_gt() to vfs_mount() in order to chop some low hanging fruit for the repair of securelevel checking of linking and unlinking files from within jails. There is more to be done here. Reviewed by: rwatson
Notes
Notes: svn path=/head/; revision=92803
Diffstat (limited to 'sys/kern/vfs_extattr.c')
-rw-r--r--sys/kern/vfs_extattr.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/kern/vfs_extattr.c b/sys/kern/vfs_extattr.c
index 915e26abf593..8247f8df32db 100644
--- a/sys/kern/vfs_extattr.c
+++ b/sys/kern/vfs_extattr.c
@@ -307,6 +307,11 @@ vfs_mount(td, fstype, fspath, fsflags, fsdata)
vput(vp);
return error;
}
+ error = securelevel_gt(td->td_ucred, 0);
+ if (error == 0) {
+ vput(vp);
+ return (EPERM);
+ }
error = linker_load_file(fstype, &lf);
if (error || lf == NULL) {
vput(vp);
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-19 17:28:58 +0000