From acd3428b7d3e94cef0e1881c868cb4b131d4ff41 Mon Sep 17 00:00:00 2001
From: Robert Watson <rwatson@FreeBSD.org>
Date: Mon, 6 Nov 2006 13:42:10 +0000
Subject: Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
 specific privilege names to a broad range of privileges.  These may require
 some future tweaking.

Sponsored by:           nCircle Network Security, Inc.
Obtained from:          TrustedBSD Project
Discussed on:           arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
                        Alex Lyashkov <umka at sevcity dot net>,
                        Skip Ford <skip dot ford at verizon dot net>,
                        Antoine Brodin <antoine dot brodin at laposte dot net>
---
 sys/dev/random/randomdev.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'sys/dev/random/randomdev.c')

diff --git a/sys/dev/random/randomdev.c b/sys/dev/random/randomdev.c
index 4d2b1bbffe6d0..7cc78e61e8c2d 100644
--- a/sys/dev/random/randomdev.c
+++ b/sys/dev/random/randomdev.c
@@ -41,6 +41,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/module.h>
 #include <sys/mutex.h>
 #include <sys/poll.h>
+#include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/selinfo.h>
 #include <sys/uio.h>
@@ -85,7 +86,7 @@ static int
 random_close(struct cdev *dev __unused, int flags, int fmt __unused,
     struct thread *td)
 {
-	if ((flags & FWRITE) && (suser(td) == 0)
+	if ((flags & FWRITE) && (priv_check(td, PRIV_RANDOM_RESEED) == 0)
 	    && (securelevel_gt(td->td_ucred, 0) == 0)) {
 		(*random_systat.reseed)();
 		random_systat.seeded = 1;
-- 
cgit v1.3