author | Theo de Raadt <deraadt@cvs.openbsd.org> | 1996-10-04 01:26:49 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 1996-10-04 01:26:49 +0000 |
commit | 76fdbce809bd30e4cbd790a38bde89c44d70760b (patch) | |
tree | 602e85f10ce45d3e5c38e01d02594921b896ffda /sys/kern | |
parent | c7c61eddfec9415096749c0df0a38ab90dca40cc (diff) |
usermount sysctl, default to prevent users from using mount syscall
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/kern_sysctl.c | 5 | ||||
-rw-r--r-- | sys/kern/vfs_syscalls.c | 6 |
2 files changed, 9 insertions, 2 deletions
diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index c3c20b170dd..33261ace9fc 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_sysctl.c,v 1.12 1996/09/20 22:53:09 deraadt Exp $ */
+/* $OpenBSD: kern_sysctl.c,v 1.13 1996/10/04 01:26:47 deraadt Exp $ */
 /* $NetBSD: kern_sysctl.c,v 1.17 1996/05/20 17:49:05 mrg Exp $ */
 /*-
@@ -205,6 +205,7 @@ kern_sysctl(name, namelen, oldp, oldlenp, newp, newlen, p)
 int error, level, inthostid;
 extern char ostype[], osrelease[], osversion[], version[];
 extern int somaxconn, sominconn;
+ extern int usermount;
 /* all sysctl names at this level are terminal */
 if (namelen != 1 && !(name[0] == KERN_PROC || name[0] == KERN_PROF))
@@ -294,6 +295,8 @@ kern_sysctl(name, namelen, oldp, oldlenp, newp, newlen, p)
 return (sysctl_int(oldp, oldlenp, newp, newlen, &somaxconn));
 case KERN_SOMINCONN:
 return (sysctl_int(oldp, oldlenp, newp, newlen, &sominconn));
+ case KERN_USERMOUNT:
+ return (sysctl_int(oldp, oldlenp, newp, newlen, &usermount));
 default:
 return (EOPNOTSUPP);
 }
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 127fcdbade8..61cdd21c4fe 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vfs_syscalls.c,v 1.14 1996/09/24 02:40:12 deraadt Exp $ */
+/* $OpenBSD: vfs_syscalls.c,v 1.15 1996/10/04 01:26:48 deraadt Exp $ */
 /* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */
 /*
@@ -61,6 +61,7 @@
 #include <sys/sysctl.h>
 extern int suid_clear;
+int usermount = 0; /* sysctl: by default, users may not mount */
 static int change_dir __P((struct nameidata *, struct proc *));
@@ -95,6 +96,9 @@ sys_mount(p, v, retval)
 struct vattr va;
 struct nameidata nd;
+ if (usermount == 0 && (error = suser(p->p_ucred, &p->p_acflag)))
+ return (error);
+
 /*
 * Get vnode to be covered
 */
|
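Review bot: The function-scope `extern int usermount;` added in kern_sysctl() restates the variable's type by hand, and nothing ties it to the definition this commit adds in vfs_syscalls.c (`int usermount = 0;`), so a later type change on either side would compile without a warning. It mirrors the existing `extern int somaxconn, sominconn;` line, but for a variable that gates a privilege check a single declaration in a header included by both files would be safer. kern_sysctl()'s body starts and ends outside this hunk.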
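Review bot: The new `KERN_USERMOUNT` case passes the knob straight to `sysctl_int()` with no securelevel gate, so the mount restriction can be relaxed at run time by any caller permitted to write kern sysctls. Whether writes are limited to the superuser is decided outside this hunk; if that is the only control, consider refusing changes once the system is in secure mode, e.g. `if (newp && securelevel > 0) return (EPERM);` ahead of the `sysctl_int()` call (a stricter variant would refuse only a change from 0 to non-zero). A short comment on the case stating that a non-zero value lets unprivileged users call mount would also help the next reader. The switch statement continues outside the hunk.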
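Review bot: With `usermount` non-zero the added `suser()` test in sys_mount() is skipped entirely, so an unprivileged caller reaches the rest of the function and this hunk shows no compensating restriction. The remainder of sys_mount() is outside the hunk and may already handle it, but it should be confirmed that a non-root mount is forced to `MNT_NOSUID` and `MNT_NODEV` and limited to a directory the caller owns; otherwise enabling the knob removes the privilege boundary rather than narrowing it. A comment on the check such as `/* usermount != 0: callers below may be unprivileged */` would make that obligation visible. The test also assigns `error` inside the condition; a separate assignment followed by `if (error)` would read more plainly.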