Date: Thu, 19 Oct 2000 23:16:11 -0700 (PDT)
From: patrick@atamaniuk.de
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/22142: securelevel does not affect mount
Message-ID: <20001020061611.7299D37B4E5@hub.freebsd.org>
>Number: 22142
>Category: kern
>Synopsis: securelevel does not affect mount
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu Oct 19 23:20:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Patrick Atamaniuk
>Release: 4.1/4.1.1/5.0
>Organization:
Nacamar/World Online
>Environment:
FreeBSD schweinebilder.dangerzone.nacamar.de 4.1.1-STABLE FreeBSD 4.1.1-STABLE #2: Tue Oct 3 18:17:00 CEST 2000 root@schweinebilder.dangerzone.nacamar.de:/usr/src/sys/compile/S i386
>Description:
Securelevel should be able to restrict mounting/remounting of filesystems
if raised above a certain level in order to secure ro-mounted filesystems.
>How-To-Repeat:
Increase securelevel to any value; remounting any fs ro->rw works.
>Fix:
#in function mount and unmount in vfs_syscalls:
#
--- kern/vfs_syscalls.c.orig Thu Sep 28 23:22:42 2000
+++ kern/vfs_syscalls.c Thu Sep 28 23:28:54 2000
@@ -120,6 +120,9 @@
struct nameidata nd;
char fstypename[MFSNAMELEN];
+ if (securelevel > 1)
+ return EPERM;
+
if (usermount == 0 && (error = suser(p)))
return (error);
/*
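Review bot: the added test at the top of the function, `if (securelevel > 1)` followed by `return EPERM;`, runs before any of the mount arguments are examined, so at securelevel 2 and above it refuses every mount request, including read-only mounts and rw->ro downgrades, not only the ro->rw remount the report describes. Consider checking the request flags first and denying only the cases that weaken a read-only mount (for example an MNT_UPDATE request without MNT_RDONLY). The return should also be written `return (EPERM);` to match the `return (error);` in the context line that follows it.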
@@ -410,6 +413,9 @@
struct mount *mp;
int error;
struct nameidata nd;
+
+ if (securelevel > 1)
+ return EPERM;
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE,
SCARG(uap, path), p);
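Review bot: the test added before NDINIT repeats the literal threshold `securelevel > 1` from the first hunk and has no comment saying why unmount must be refused at that level; the report itself only describes protecting read-only mounts from being remounted read-write. Either state the reason in a comment above the test (and in the securelevel documentation) or drop the unmount restriction. If it stays, write `return (EPERM);` and leave a blank line between the return and the NDINIT call.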
>Release-Note:
>Audit-Trail:
>Unformatted:
