From 9810dc47d0d68c573fe93e3f09d8cfd2155660c3 Mon Sep 17 00:00:00 2001 From: Hugh Graham Date: Sun, 27 Feb 2000 04:57:30 +0000 Subject: Provide a means to lock ddb off on systems at high securelevel, in order reduce the need for a custom kernel sans ddb. --- sys/ddb/db_usrreq.c | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) (limited to 'sys/ddb') diff --git a/sys/ddb/db_usrreq.c b/sys/ddb/db_usrreq.c index 52f73fa22da..d0557fde62f 100644 --- a/sys/ddb/db_usrreq.c +++ b/sys/ddb/db_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: db_usrreq.c,v 1.3 1998/02/05 16:49:22 deraadt Exp $ */ +/* $OpenBSD: db_usrreq.c,v 1.4 2000/02/27 04:57:29 hugh Exp $ */ /* * Copyright (c) 1996 Michael Shalayeff. All rights reserved. @@ -38,6 +38,8 @@ #include +extern int securelevel; + int ddb_sysctl(name, namelen, oldp, oldlenp, newp, newlen, p) int *name; @@ -48,6 +50,8 @@ ddb_sysctl(name, namelen, oldp, oldlenp, newp, newlen, p) size_t newlen; struct proc *p; { + int error, ctlval; + /* All sysctl names at this level are terminal. */ if (namelen != 1) return (ENOTDIR); @@ -63,9 +67,27 @@ ddb_sysctl(name, namelen, oldp, oldlenp, newp, newlen, p) case DBCTL_MAXLINE: return sysctl_int(oldp, oldlenp, newp, newlen, &db_max_line); case DBCTL_PANIC: - return sysctl_int(oldp, oldlenp, newp, newlen, &db_panic); + ctlval = db_panic; + if ((error = sysctl_int(oldp, oldlenp, newp, newlen, &ctlval)) || + newp == NULL) + return (error); + if (ctlval != 1 && ctlval != 0) + return (EINVAL); + if (ctlval > db_panic && securelevel > 1) + return (EPERM); + db_panic = ctlval; + return (0); case DBCTL_CONSOLE: - return sysctl_int(oldp, oldlenp, newp, newlen, &db_console); + ctlval = db_console; + if ((error = sysctl_int(oldp, oldlenp, newp, newlen, &ctlval)) || + newp == NULL) + return (error); + if (ctlval != 1 && ctlval != 0) + return (EINVAL); + if (ctlval > db_console && securelevel > 1) + return (EPERM); + db_console = ctlval; + return (0); default: return (EOPNOTSUPP); } -- cgit v1.2.3