From d429df0aff096c51788ed2b25364c5d1e13eeb20 Mon Sep 17 00:00:00 2001
From: Matthieu Herrb <matthieu@cvs.openbsd.org>
Date: Thu, 5 Jan 2006 20:09:19 +0000
Subject: Check securelevel and machdep.allowaperture for i386_set_ioperm() the
 same way as for i386_iopl(). ok deraadt@

---
 sys/arch/i386/i386/sys_machdep.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'sys/arch')

diff --git a/sys/arch/i386/i386/sys_machdep.c b/sys/arch/i386/i386/sys_machdep.c
index d423a40f040..1f4e026f0a4 100644
--- a/sys/arch/i386/i386/sys_machdep.c
+++ b/sys/arch/i386/i386/sys_machdep.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sys_machdep.c,v 1.23 2004/02/01 12:26:45 grange Exp $	*/
+/*	$OpenBSD: sys_machdep.c,v 1.24 2006/01/05 20:09:18 matthieu Exp $	*/
 /*	$NetBSD: sys_machdep.c,v 1.28 1996/05/03 19:42:29 christos Exp $	*/
 
 /*-
@@ -394,6 +394,13 @@ i386_set_ioperm(p, args, retval)
 	if ((error = suser(p, 0)) != 0)
 		return error;
 
+#ifdef APERTURE
+	if (!allowaperture && securelevel > 0)
+		return EPERM;
+#else
+	if (securelevel > 0)
+		return EPERM;
+#endif
 	if ((error = copyin(args, &ua, sizeof(ua))) != 0)
 		return (error);
 
-- 
cgit v1.2.3