Source-Changes-HG archive


[src/netbsd-3]: src/sys/kern Pull up revision 1.27 (requested by elad in tick...



details:   https://anonhg.NetBSD.org/src/rev/4ef773810348
branches:  netbsd-3
changeset: 576377:4ef773810348
user:      tron <tron%NetBSD.org@localhost>
date:      Sat Jul 02 15:52:41 2005 +0000

description:
Pull up revision 1.27 (requested by elad in ticket #487):
Oops. Don't allow file delete even if it's not monitored if we're in
lockdown mode (strict level 3).

diffstat:

 sys/kern/kern_verifiedexec.c |  11 ++++++++---
 1 files changed, 8 insertions(+), 3 deletions(-)

diffs (33 lines):

diff -r 86db2b0044b6 -r 4ef773810348 sys/kern/kern_verifiedexec.c
--- a/sys/kern/kern_verifiedexec.c      Sat Jul 02 15:52:10 2005 +0000
+++ b/sys/kern/kern_verifiedexec.c      Sat Jul 02 15:52:41 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_verifiedexec.c,v 1.9.2.17 2005/07/02 15:51:33 tron Exp $  */
+/*     $NetBSD: kern_verifiedexec.c,v 1.9.2.18 2005/07/02 15:52:41 tron Exp $  */
 
 /*-
  * Copyright 2005 Elad Efrat <elad%bsd.org.il@localhost>
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_verifiedexec.c,v 1.9.2.17 2005/07/02 15:51:33 tron Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_verifiedexec.c,v 1.9.2.18 2005/07/02 15:52:41 tron Exp $");
 
 #include <sys/param.h>
 #include <sys/mount.h>
@@ -467,8 +467,13 @@
                return (error);
 
        vhe = veriexec_lookup(va.va_fsid, va.va_fileid);
-       if (vhe == NULL)
+       if (vhe == NULL) {
+               /* Lockdown mode: Deny access to non-monitored files. */
+               if (veriexec_strict >= 3)
+                       return (EPERM);
+
                return (0);
+       }
 
        veriexec_report("Remove request.", pathbuf, &va, p,
                        REPORT_NOVERBOSE, REPORT_ALARM, REPORT_NOPANIC);
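Review bot: The new `return (EPERM);` in the `vhe == NULL` branch sits above the `veriexec_report("Remove request.", ...)` call, so a removal denied in lockdown mode fails without any report being emitted. Since the report call shown here takes `pathbuf`, `&va` and `p` rather than `vhe`, consider issuing a report for the denied request before returning, so that blocked deletes of non-monitored files are visible to whoever reviews the alarms. Two smaller points: `veriexec_strict >= 3` uses a bare literal where a named constant for the lockdown level would be easier to audit, and the comment says "Deny access" while this path handles removal, so "Deny removal of non-monitored files" would match the commit message.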


