securelevel - Fix disk accessing with high secure level.
authorAntonio Huete <tuxillo@quantumachine.net>
Thu, 15 Oct 2009 11:27:18 +0000 (13:27 +0200)
committerSimon Schubert <corecode@dragonflybsd.org>
Thu, 15 Oct 2009 11:32:14 +0000 (13:32 +0200)
sys/vfs/devfs/devfs_vnops.c

index 5105ccf..6d99bbd 100644 (file)
@@ -821,6 +821,17 @@ devfs_spec_open(struct vop_open_args *ap)
                return error;
        }
 
+       /*
+        * Check security level before allowing write access to 
+        * a disk device
+        */
+       if (dev_dflags(dev) & D_DISK) {
+               if ((ap->a_mode & FWRITE) && 
+                   (ap->a_cred != FSCRED)) {
+                       if (securelevel >= 2)
+                               return EPERM;
+               }
+       }
 
        if (dev_dflags(dev) & D_TTY) {
                if (dev->si_tty) {