author | Martin Pieuchot <mpi@cvs.openbsd.org> | 2020-01-24 14:00:33 +0000 |
---|---|---|
committer | Martin Pieuchot <mpi@cvs.openbsd.org> | 2020-01-24 14:00:33 +0000 |
commit | bea61c3f0fd68807d9ce2d3c71f8664fee65a757 (patch) | |
tree | 0e16f86d4c8404a9d91f416328a00ad17a2ed8c0 /sys/kern | |
parent | 8e271b8dd5d0a45674d5b8e0d799fce01e2622de (diff) |
New `kern.allowdt' button must be set to open(2) /dev/dt.
dt(4) exposes kernel internals, addresses and content of states to
userland. As such its interface shouldn't be available without
enabling it consciously.
ok millert@, deraadt@
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/kern_sysctl.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index e33a115ea98..e2a41233021 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_sysctl.c,v 1.369 2020/01/02 08:52:53 claudio Exp $ */
+/* $OpenBSD: kern_sysctl.c,v 1.370 2020/01/24 14:00:31 mpi Exp $ */
 /* $NetBSD: kern_sysctl.c,v 1.17 1996/05/20 17:49:05 mrg Exp $ */
 /*-
@@ -129,6 +129,7 @@ extern int audio_record_enable;
 #endif
 int allowkmem;
+int allowdt;
 int sysctl_diskinit(int, struct proc *);
 int sysctl_proc_args(int *, u_int, void *, size_t *, struct proc *);
@@ -358,12 +359,14 @@ kern_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
 return (EPERM);
 securelevel = level;
 return (0);
+ case KERN_ALLOWDT:
+ if (securelevel > 0)
+ return (sysctl_rdint(oldp, oldlenp, newp, allowdt));
+ return (sysctl_int(oldp, oldlenp, newp, newlen, &allowdt));
 case KERN_ALLOWKMEM:
 if (securelevel > 0)
- return (sysctl_rdint(oldp, oldlenp, newp,
- allowkmem));
- return (sysctl_int(oldp, oldlenp, newp, newlen,
- &allowkmem));
+ return (sysctl_rdint(oldp, oldlenp, newp, allowkmem));
+ return (sysctl_int(oldp, oldlenp, newp, newlen, &allowkmem));
 case KERN_HOSTNAME:
 error = sysctl_tstring(oldp, oldlenp, newp, newlen, hostname, sizeof(hostname)); |
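Review bot: Neither the new `int allowdt;` declaration nor the `case KERN_ALLOWDT:` branch states the security contract it implements, which is that the knob is writable only while `securelevel <= 0` and read-only afterwards, the same rule as `KERN_ALLOWKMEM` just below it. I would put `/* gates open(2) of /dev/dt; writable only while securelevel <= 0 */` above `int allowdt;` so the lock-down is visible at the definition. The `sysctl_int()` call applies no range check visible in this hunk, so the consumer should treat any non-zero value as enabled. That consumer is not in this file section (the diffstat is limited to sys/kern), so the check in the dt(4) open path should be confirmed separately. The body of kern_sysctl starts and ends outside the hunk.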