diff options
| author | Mike Pechkin <mpech@cvs.openbsd.org> | 2001-11-20 09:27:59 +0000 |
|---|---|---|
| committer | Mike Pechkin <mpech@cvs.openbsd.org> | 2001-11-20 09:27:59 +0000 |
| commit | bd3db72d69fc730f137b1efd9cfdc6a79458bce9 (patch) | |
| tree | a927a5e6965d793dce52ecf4b9b89c15dc704265 /sys/net/pf.c | |
| parent | c36fc500e79504c70ecd13e2fbf7b2f168c8d0ca (diff) | |
don't allow CHANGEBINAT ioctl in securelevel > 1
dhartmei@ ok
Diffstat (limited to 'sys/net/pf.c')
| -rw-r--r-- | sys/net/pf.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index deaeb82c137..197227964a9 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.168 2001/11/16 11:07:20 mickey Exp $ */ +/* $OpenBSD: pf.c,v 1.169 2001/11/20 09:27:58 mpech Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1007,6 +1007,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) if (!(flags & FWRITE)) return (EACCES); + /* XXX keep in sync with switch() below */ if (securelevel > 1) switch (cmd) { case DIOCSTART: @@ -1026,6 +1027,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) case DIOCCLRSTATES: case DIOCCHANGERULE: case DIOCCHANGENAT: + case DIOCCHANGEBINAT: case DIOCCHANGERDR: case DIOCSETTIMEOUT: return EPERM; |