Message-ID: <31A0C0FE.1CE1BCE0@fa.tdktca.com>
Date: Mon, 20 May 1996 13:59:10 -0500
From: Alex Nash
Organization: TDK Factory Automation
To: Garrett Wollman
CC: hackers@freebsd.org
Subject: Re: unionfs
References: <199605201850.NAA31412@orion.fa.tdktca.com> <9605201850.AA22618@halloran-eldar.lcs.mit.edu>

Garrett Wollman wrote:
> > Since modload opens a character device which is not a disk device,
> > I don't think securelevel prevents LKMs from being loaded (but I
> > agree that it should).
>
> > What did I miss?
>
> kern/kern_lkm.c specifically inspects securelevel and denies write
> access when >0.
>
> ------------------------------------
>         if ((flag & FWRITE) == 0 || securelevel > 0)
>                 /* only allow this if writing and insecure */
>                 return EPERM;
> ------------------------------------

At first I couldn't believe I'd missed this, but it turns out this code
is only in -current. Can someone add this to -stable?

Alex