authorRobert Watson <rwatson@FreeBSD.org>2001-08-31 21:44:12 +0000
committerRobert Watson <rwatson@FreeBSD.org>2001-08-31 21:44:12 +0000
commit93f4fd1cb6a9c18f6c2dcc54f8e2d4974263c3be (patch)
tree38a78ec3e6dba9591fe552ca1db181734fa0ae9e
parent7034ded953c2d005377f56c5be63fdc531569c58 (diff)
-rw-r--r--sys/kern/kern_prot.c10
-rw-r--r--sys/sys/systm.h1
2 files changed, 6 insertions, 5 deletions
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index d04468e5dbf6..2802b01e6e61 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -1030,7 +1030,7 @@ groupmember(gid, cred)
}
/*
- * `suser_permitted' (which can be set by the kern.security.suser_permitted
+ * `suser_enabled' (which can be set by the kern.security.suser_enabled
* sysctl) determines whether the system 'super-user' policy is in effect.
* If it is nonzero, an effective uid of 0 connotes special privilege,
* overriding many mandatory and discretionary protections. If it is zero,
@@ -1039,9 +1039,9 @@ groupmember(gid, cred)
* existing userland programs, and should not be done without careful
* consideration of the consequences.
*/
-static int suser_permitted = 1;
-SYSCTL_INT(_kern_security, OID_AUTO, suser_permitted, CTLFLAG_RW,
- &suser_permitted, 0, "processes with uid 0 have privilege");
+int suser_enabled = 1;
+SYSCTL_INT(_kern_security, OID_AUTO, suser_enabled, CTLFLAG_RW,
+ &suser_enabled, 0, "processes with uid 0 have privilege");
/*
* Test whether the specified credentials imply "super-user" privilege.
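Review bot: Dropping `static` from `suser_enabled` makes the super-user policy switch a kernel-wide writable symbol, and neither this definition nor the `extern` added in sys/sys/systm.h says who is allowed to write it or how other code should consume it. I would add a comment above the definition such as `/* Written only through the kern.security.suser_enabled sysctl; other kernel code must treat this as read-only and call suser_xxx() rather than test it directly. */`, because suser_xxx() goes on to examine cred and proc after the flag test and a bare read of the variable would skip that. The knob also stays `CTLFLAG_RW`, so it is worth confirming which checks gate a write that flips it back to 1; that path is not visible in this diff. The comment block this hunk touches begins above the hunk, and the body of suser_xxx() continues past the later one.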
@@ -1060,7 +1060,7 @@ suser_xxx(cred, proc, flag)
struct proc *proc;
int flag;
{
- if (!suser_permitted)
+ if (!suser_enabled)
return (EPERM);
if (!cred && !proc) {
printf("suser_xxx(): THINK!\n");
diff --git a/sys/sys/systm.h b/sys/sys/systm.h
index 5b524816543d..afc3e4be33a5 100644
--- a/sys/sys/systm.h
+++ b/sys/sys/systm.h
@@ -47,6 +47,7 @@
#include <sys/callout.h>
extern int securelevel; /* system security level (see init(8)) */
+extern int suser_enabled; /* suser_xxx() is permitted to return 0 */
extern int cold; /* nonzero if we are doing a cold boot */
extern const char *panicstr; /* panic message */