From 118eee253ff0ce26188b3e2e646092bb275203df Mon Sep 17 00:00:00 2001
From: Theo de Raadt <deraadt@cvs.openbsd.org>
Date: Sat, 21 Jun 1997 12:19:46 +0000
Subject: block all write ops to init in securelevel modes; nash@mcs.com

---
 sys/miscfs/procfs/procfs_subr.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'sys/miscfs')

diff --git a/sys/miscfs/procfs/procfs_subr.c b/sys/miscfs/procfs/procfs_subr.c
index 46ddd5d8328..85b8e2ac4c3 100644
--- a/sys/miscfs/procfs/procfs_subr.c
+++ b/sys/miscfs/procfs/procfs_subr.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: procfs_subr.c,v 1.5 1997/04/06 07:00:14 millert Exp $	*/
+/*	$OpenBSD: procfs_subr.c,v 1.6 1997/06/21 12:19:45 deraadt Exp $	*/
 /*	$NetBSD: procfs_subr.c,v 1.15 1996/02/12 15:01:42 christos Exp $	*/
 
 /*
@@ -221,6 +221,9 @@ procfs_rw(v)
 	p = PFIND(pfs->pfs_pid);
 	if (p == 0)
 		return (EINVAL);
+	/* Do not permit games to be played with init(8) */
+	if (p->p_pid == 1 && securelevel > 0 && uio->uio_rw == UIO_WRITE)
+		return (EPERM);
 
 	switch (pfs->pfs_type) {
 	case Pnote:
-- 
cgit v1.2.3