From owner-freebsd-bugs  Thu Oct 19 23:20: 7 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 8A36B37B4D7
	for <freebsd-bugs@FreeBSD.org>; Thu, 19 Oct 2000 23:20:01 -0700 (PDT)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id XAA12381;
	Thu, 19 Oct 2000 23:20:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 7299D37B4E5; Thu, 19 Oct 2000 23:16:11 -0700 (PDT)
Message-Id: <20001020061611.7299D37B4E5@hub.freebsd.org>
Date: Thu, 19 Oct 2000 23:16:11 -0700 (PDT)
From: patrick@atamaniuk.de
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: kern/22142: securelevel does not affect mount
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>Number:         22142
>Category:       kern
>Synopsis:       securelevel does not affect mount
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Oct 19 23:20:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Patrick Atamaniuk
>Release:        4.1/4.1.1/5.0
>Organization:
Nacamar/World Online
>Environment:
FreeBSD schweinebilder.dangerzone.nacamar.de 4.1.1-STABLE FreeBSD 4.1.1-STABLE #2: Tue Oct  3 18:17:00 CEST 2000     root@schweinebilder.dangerzone.nacamar.de:/usr/src/sys/compile/S  i386

>Description:
Securelevel should be able to restrict mounting/remounting of filesystems
if raised above a certain level in order to secure ro-mounted filesystems
>How-To-Repeat:
increase securelevel to any value, remount any fs ro->rw works
>Fix:
#in function mount and unmount in vfs_syscalls:
#

--- kern/vfs_syscalls.c.orig    Thu Sep 28 23:22:42 2000
+++ kern/vfs_syscalls.c Thu Sep 28 23:28:54 2000
@@ -120,6 +120,9 @@
        struct nameidata nd;
        char fstypename[MFSNAMELEN];

+       if (securelevel > 1)
+               return EPERM;
+
        if (usermount == 0 && (error = suser(p)))
                return (error);
        /*
@@ -410,6 +413,9 @@
        struct mount *mp;
        int error;
        struct nameidata nd;
+
+       if (securelevel > 1)
+               return EPERM;

        NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE,
            SCARG(uap, path), p);


>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message