From 6802cb18ca70e3b40d16be985f5be33b0b049e86 Mon Sep 17 00:00:00 2001 From: Theo de Raadt Date: Tue, 26 Jul 2022 14:53:46 +0000 Subject: Only allow changing the domainname (from empty) before securelevel increase. libc YP support has a couple of places where the domainname is cached, and this results in wildly incoherent behaviour which could even be risky. If you want to change the domainname, you will have to reboot. ok beck miod --- lib/libc/gen/getdomainname.3 | 6 ++++-- sys/kern/kern_sysctl.c | 9 ++++++--- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/lib/libc/gen/getdomainname.3 b/lib/libc/gen/getdomainname.3 index 2b982311bf0..1eef9433d3f 100644 --- a/lib/libc/gen/getdomainname.3 +++ b/lib/libc/gen/getdomainname.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: getdomainname.3,v 1.28 2022/07/17 08:33:01 jsg Exp $ +.\" $OpenBSD: getdomainname.3,v 1.29 2022/07/26 14:53:29 deraadt Exp $ .\" .\" Copyright (c) 1983, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -27,7 +27,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd $Mdocdate: July 17 2022 $ +.Dd $Mdocdate: July 26 2022 $ .Dt GETDOMAINNAME 3 .Os .Sh NAME @@ -61,6 +61,8 @@ which has length .Fa namelen . This call is restricted to the superuser and is normally used only when the system is bootstrapped. +Under normal operation once the domainname is set, it cannot be +changed. .Sh RETURN VALUES If the call succeeds, a value of 0 is returned. If the call fails, a value of \-1 is returned and an error code is diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c index f9d1f04a845..1be54b0c156 100644 --- a/sys/kern/kern_sysctl.c +++ b/sys/kern/kern_sysctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_sysctl.c,v 1.403 2022/07/05 15:06:16 visa Exp $ */ +/* $OpenBSD: kern_sysctl.c,v 1.404 2022/07/26 14:53:45 deraadt Exp $ */ /* $NetBSD: kern_sysctl.c,v 1.17 1996/05/20 17:49:05 mrg Exp $ */ /*- 
@@ -486,8 +486,11 @@ kern_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
 hostnamelen = newlen;
 return (error);
 case KERN_DOMAINNAME:
- error = sysctl_tstring(oldp, oldlenp, newp, newlen,
- domainname, sizeof(domainname));
+ if (securelevel >= 1 && domainnamelen && newp)
+ error = EPERM;
+ else
+ error = sysctl_tstring(oldp, oldlenp, newp, newlen,
+ domainname, sizeof(domainname));
 if (newp && !error)
 domainnamelen = newlen;
 return (error);
-- cgit v1.2.3
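Review bot: The new guard in `case KERN_DOMAINNAME` keys on `domainnamelen`, so at securelevel 1 or higher a host whose domainname was never set still accepts one write, and only later changes get `EPERM`. That matches the man page sentence added in this commit, but it is easy to misread from the commit title, and the reason for the lock (libc YP caching the name) appears only in the commit message. I would put a comment above the `if`, for example `/* set-once after securelevel is raised: libc YP caches the domainname */`. If the intent is instead to freeze the value entirely once securelevel is raised, the `domainnamelen` term would have to be dropped, which is a policy choice the hunk does not settle. kern_sysctl() begins and ends outside the hunk.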