author | 1996-10-04 01:26:45 +0000 | |
---|---|---|
committer | 1996-10-04 01:26:45 +0000 | |
commit | f8657ccf40accec3e4d1f1cf3003cb7929ee0dcd (patch) | |
tree | 8fdcaf4c091555b4590813e17a844466b16e5af8 | |
parent | update (diff) | |
usermount sysctl, default to prevent users from using mount syscall
-rw-r--r-- | sys/kern/kern_sysctl.c | 5 | ||||
-rw-r--r-- | sys/kern/vfs_syscalls.c | 6 | ||||
-rw-r--r-- | sys/sys/sysctl.h | 6 |
3 files changed, 13 insertions, 4 deletions
diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index c3c20b170dd..33261ace9fc 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_sysctl.c,v 1.12 1996/09/20 22:53:09 deraadt Exp $ */
+/* $OpenBSD: kern_sysctl.c,v 1.13 1996/10/04 01:26:47 deraadt Exp $ */
 /* $NetBSD: kern_sysctl.c,v 1.17 1996/05/20 17:49:05 mrg Exp $ */
 /*-
@@ -205,6 +205,7 @@ kern_sysctl(name, namelen, oldp, oldlenp, newp, newlen, p)
 int error, level, inthostid;
 extern char ostype[], osrelease[], osversion[], version[];
 extern int somaxconn, sominconn;
+ extern int usermount;
 /* all sysctl names at this level are terminal */
 if (namelen != 1 && !(name[0] == KERN_PROC || name[0] == KERN_PROF))
@@ -294,6 +295,8 @@ kern_sysctl(name, namelen, oldp, oldlenp, newp, newlen, p)
 return (sysctl_int(oldp, oldlenp, newp, newlen, &somaxconn));
 case KERN_SOMINCONN:
 return (sysctl_int(oldp, oldlenp, newp, newlen, &sominconn));
+ case KERN_USERMOUNT:
+ return (sysctl_int(oldp, oldlenp, newp, newlen, &usermount));
 default:
 return (EOPNOTSUPP);
 }
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 127fcdbade8..61cdd21c4fe 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vfs_syscalls.c,v 1.14 1996/09/24 02:40:12 deraadt Exp $ */
+/* $OpenBSD: vfs_syscalls.c,v 1.15 1996/10/04 01:26:48 deraadt Exp $ */
 /* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */
 /*
@@ -61,6 +61,7 @@
 #include <sys/sysctl.h>
 extern int suid_clear;
+int usermount = 0; /* sysctl: by default, users may not mount */
 static int change_dir __P((struct nameidata *, struct proc *));
@@ -95,6 +96,9 @@ sys_mount(p, v, retval)
 struct vattr va;
 struct nameidata nd;
+ if (usermount == 0 && (error = suser(p->p_ucred, &p->p_acflag)))
+ return (error);
+
 /*
 * Get vnode to be covered
 */
diff --git a/sys/sys/sysctl.h b/sys/sys/sysctl.h
index 7e985d36995..1377c5eef71 100644
--- a/sys/sys/sysctl.h
+++ b/sys/sys/sysctl.h
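Review bot: In sys/kern/kern_sysctl.c, the new `case KERN_USERMOUNT` stores whatever int the caller supplies through `sysctl_int()`, while the test added to sys_mount() in this commit only compares `usermount == 0`, so a negative or arbitrary non-zero value also switches user mounts on. Because this variable gates a privilege check, the boolean meaning should be written down at the case, e.g. `/* 0 = mount(2) is root-only; any non-zero value lets users mount */`. It is also worth deciding whether the knob should stop being writable at a raised securelevel; nothing in this hunk limits when it can be changed, and the permission check for sysctl writes is outside the visible lines. kern_sysctl() starts and ends outside the hunk.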
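Review bot: In sys/kern/vfs_syscalls.c, the `suser()` test added at the top of sys_mount() is the only gate this commit introduces, so once `usermount` is non-zero an unprivileged caller continues into the rest of the function with no privilege test in the visible lines. The body continues outside the hunk; the `struct vattr va` local suggests an ownership check on the covered vnode may follow, but that should be confirmed, together with nosuid/nodev being forced on mounts made by non-root callers. A comment above the test would record the contract, for example `/* usermount == 0: mount(2) is root-only; otherwise only the per-user checks below apply */`.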
@@ -1,4 +1,4 @@
-/* $OpenBSD: sysctl.h,v 1.10 1996/09/20 22:53:05 deraadt Exp $ */
+/* $OpenBSD: sysctl.h,v 1.11 1996/10/04 01:26:45 deraadt Exp $ */
 /* $NetBSD: sysctl.h,v 1.16 1996/04/09 20:55:36 cgd Exp $ */
 /*
@@ -140,7 +140,8 @@ struct ctlname {
 #define KERN_OSVERSION 27 /* string: kernel build version */
 #define KERN_SOMAXCONN 28 /* int: listen queue maximum */
 #define KERN_SOMINCONN 29 /* int: half-open controllable param */
-#define KERN_MAXID 30 /* number of valid kern ids */
+#define KERN_USERMOUNT 30 /* int: users may mount filesystems */
+#define KERN_MAXID 31 /* number of valid kern ids */
 #define CTL_KERN_NAMES { \
 { 0, 0 }, \
@@ -173,6 +174,7 @@ struct ctlname {
 { "osversion", CTLTYPE_STRING }, \
 { "somaxconn", CTLTYPE_INT }, \
 { "sominconn", CTLTYPE_INT }, \
+ { "usermount", CTLTYPE_INT }, \
 }
 /*
|
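Review bot: In sys/sys/sysctl.h, the comment on the new `KERN_USERMOUNT` define does not say which value is the restrictive one or what the default is, and the diffstat lists only three kernel files, so no manual page describes the new name. Since the setting relaxes a root-only check, the define could read `#define KERN_USERMOUNT 30 /* int: non-zero lets users mount filesystems (default 0) */`. The `"usermount"` entry is appended after `"sominconn"`, which is consistent with id 30, but CTL_KERN_NAMES begins outside the hunk, so the index alignment cannot be confirmed from the visible lines.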