diff options
author | Hugh Graham <hugh@cvs.openbsd.org> | 2000-02-27 04:57:30 +0000 |
---|---|---|
committer | Hugh Graham <hugh@cvs.openbsd.org> | 2000-02-27 04:57:30 +0000 |
commit | 9810dc47d0d68c573fe93e3f09d8cfd2155660c3 (patch) | |
tree | 2588defb7156695b823f3734d0eced24a96a2d6f /sys | |
parent | 5fd684a8dc51c2ae4de315e4e4f3029d342d6ddc (diff) |
Provide a means to lock ddb off on systems at high securelevel, in order
reduce the need for a custom kernel sans ddb.
Diffstat (limited to 'sys')
-rw-r--r-- | sys/ddb/db_usrreq.c | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/sys/ddb/db_usrreq.c b/sys/ddb/db_usrreq.c index 52f73fa22da..d0557fde62f 100644 --- a/sys/ddb/db_usrreq.c +++ b/sys/ddb/db_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: db_usrreq.c,v 1.3 1998/02/05 16:49:22 deraadt Exp $ */ +/* $OpenBSD: db_usrreq.c,v 1.4 2000/02/27 04:57:29 hugh Exp $ */ /* * Copyright (c) 1996 Michael Shalayeff. All rights reserved. @@ -38,6 +38,8 @@ #include <ddb/db_var.h> +extern int securelevel; + int ddb_sysctl(name, namelen, oldp, oldlenp, newp, newlen, p) int *name; @@ -48,6 +50,8 @@ ddb_sysctl(name, namelen, oldp, oldlenp, newp, newlen, p) size_t newlen; struct proc *p; { + int error, ctlval; + /* All sysctl names at this level are terminal. */ if (namelen != 1) return (ENOTDIR); @@ -63,9 +67,27 @@ ddb_sysctl(name, namelen, oldp, oldlenp, newp, newlen, p) case DBCTL_MAXLINE: return sysctl_int(oldp, oldlenp, newp, newlen, &db_max_line); case DBCTL_PANIC: - return sysctl_int(oldp, oldlenp, newp, newlen, &db_panic); + ctlval = db_panic; + if ((error = sysctl_int(oldp, oldlenp, newp, newlen, &ctlval)) || + newp == NULL) + return (error); + if (ctlval != 1 && ctlval != 0) + return (EINVAL); + if (ctlval > db_panic && securelevel > 1) + return (EPERM); + db_panic = ctlval; + return (0); case DBCTL_CONSOLE: - return sysctl_int(oldp, oldlenp, newp, newlen, &db_console); + ctlval = db_console; + if ((error = sysctl_int(oldp, oldlenp, newp, newlen, &ctlval)) || + newp == NULL) + return (error); + if (ctlval != 1 && ctlval != 0) + return (EINVAL); + if (ctlval > db_console && securelevel > 1) + return (EPERM); + db_console = ctlval; + return (0); default: return (EOPNOTSUPP); } |