From owner-cvs-all Wed Mar 20 8: 3:47 2002 Delivered-To: cvs-all@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id D7F6037B417; Wed, 20 Mar 2002 08:03:42 -0800 (PST) Received: (from arr@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g2KG3gB89813; Wed, 20 Mar 2002 08:03:42 -0800 (PST) (envelope-from arr) Message-Id: <200203201603.g2KG3gB89813@freefall.freebsd.org> From: "Andrew R. Reiter" Date: Wed, 20 Mar 2002 08:03:42 -0800 (PST) To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/kern kern_linker.c vfs_syscalls.c X-FreeBSD-CVS-Branch: HEAD Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG arr 2002/03/20 08:03:42 PST Modified files: sys/kern kern_linker.c vfs_syscalls.c Log: - Change a check of securelevel to securelevel_gt() call in order to help against users within a jail attempting to load kernel modules. - Add a check of securelevel_gt() to vfs_mount() in order to chop some low hanging fruit for the repair of securelevel checking of linking and unlinking files from within jails. There is more to be done here. Reviewed by: rwatson Revision Changes Path 1.82 +10 -6 src/sys/kern/kern_linker.c 1.235 +5 -0 src/sys/kern/vfs_syscalls.c To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message