authorHugh Graham <hugh@cvs.openbsd.org>2000-02-27 04:57:30 +0000
committerHugh Graham <hugh@cvs.openbsd.org>2000-02-27 04:57:30 +0000
commit9810dc47d0d68c573fe93e3f09d8cfd2155660c3 (patch)
tree2588defb7156695b823f3734d0eced24a96a2d6f /sys
parent5fd684a8dc51c2ae4de315e4e4f3029d342d6ddc (diff)
Provide a means to lock ddb off on systems at high securelevel, in order
to reduce the need for a custom kernel sans ddb.
Diffstat (limited to 'sys')
-rw-r--r--sys/ddb/db_usrreq.c28
1 files changed, 25 insertions, 3 deletions
diff --git a/sys/ddb/db_usrreq.c b/sys/ddb/db_usrreq.c
index 52f73fa22da..d0557fde62f 100644
--- a/sys/ddb/db_usrreq.c
+++ b/sys/ddb/db_usrreq.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: db_usrreq.c,v 1.3 1998/02/05 16:49:22 deraadt Exp $ */
+/* $OpenBSD: db_usrreq.c,v 1.4 2000/02/27 04:57:29 hugh Exp $ */
/*
* Copyright (c) 1996 Michael Shalayeff. All rights reserved.
@@ -38,6 +38,8 @@
#include <ddb/db_var.h>
+extern int securelevel;
+
int
ddb_sysctl(name, namelen, oldp, oldlenp, newp, newlen, p)
int *name;
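Review bot: The `extern int securelevel;` added at file scope is a hand-written declaration in a .c file, so the compiler cannot check it against the variable's definition. If a kernel header already declares securelevel (not visible on this page), including that header keeps the type in one place; otherwise the declaration belongs in a shared header rather than here. The K&R parameter list of ddb_sysctl continues outside this hunk.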
@@ -48,6 +50,8 @@ ddb_sysctl(name, namelen, oldp, oldlenp, newp, newlen, p)
size_t newlen;
struct proc *p;
{
+ int error, ctlval;
+
/* All sysctl names at this level are terminal. */
if (namelen != 1)
return (ENOTDIR);
@@ -63,9 +67,27 @@ ddb_sysctl(name, namelen, oldp, oldlenp, newp, newlen, p)
case DBCTL_MAXLINE:
return sysctl_int(oldp, oldlenp, newp, newlen, &db_max_line);
case DBCTL_PANIC:
- return sysctl_int(oldp, oldlenp, newp, newlen, &db_panic);
+ ctlval = db_panic;
+ if ((error = sysctl_int(oldp, oldlenp, newp, newlen, &ctlval)) ||
+ newp == NULL)
+ return (error);
+ if (ctlval != 1 && ctlval != 0)
+ return (EINVAL);
+ if (ctlval > db_panic && securelevel > 1)
+ return (EPERM);
+ db_panic = ctlval;
+ return (0);
case DBCTL_CONSOLE:
- return sysctl_int(oldp, oldlenp, newp, newlen, &db_console);
+ ctlval = db_console;
+ if ((error = sysctl_int(oldp, oldlenp, newp, newlen, &ctlval)) ||
+ newp == NULL)
+ return (error);
+ if (ctlval != 1 && ctlval != 0)
+ return (EINVAL);
+ if (ctlval > db_console && securelevel > 1)
+ return (EPERM);
+ db_console = ctlval;
+ return (0);
default:
return (EOPNOTSUPP);
}
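Review bot: The new guards in the DBCTL_PANIC and DBCTL_CONSOLE cases refuse a 0-to-1 change only when `securelevel > 1`, so at securelevel 1 a process allowed to write these sysctls can still turn ddb.panic or ddb.console back on after an administrator cleared them. If the debugger is meant to stay locked in every secure mode, the test would be `if (ctlval > db_console && securelevel > 0)` (and the same for db_panic). If only level 2 is intended, a comment such as `/* may always be lowered; raised only while securelevel <= 1 */` above each check would record that the one-way latch and its threshold are deliberate. The two cases differ only in the variable they touch, so a small static helper taking an `int *` would keep the policy in one place. The switch opens before this hunk and the function closes after it.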