[src/netbsd-3]: src/sys/dev Pull up revision 1.14 (requested by elad in ticke...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/netbsd-3]: src/sys/dev Pull up revision 1.14 (requested by elad in ticke...
From: tron <tron%NetBSD.org@localhost>
Date: Fri, 24 Jan 2020 16:40:04 +0000

details:   https://anonhg.NetBSD.org/src/rev/a1f0cdda2179
branches:  netbsd-3
changeset: 576369:a1f0cdda2179
user:      tron <tron%NetBSD.org@localhost>
date:      Sat Jul 02 15:50:08 2005 +0000

description:
Pull up revision 1.14 (requested by elad in ticket #487):
Since NetBSD operates in securelevel -1 by default, don't rely on the
securelevel alone when checking if the veriexec tables can be modified;
also check if the strict level is above 0.

diffstat:

 sys/dev/verified_exec.c |  12 ++++++------
 1 files changed, 6 insertions(+), 6 deletions(-)

diffs (34 lines):

diff -r 2809288a9f04 -r a1f0cdda2179 sys/dev/verified_exec.c
--- a/sys/dev/verified_exec.c   Sat Jul 02 15:49:51 2005 +0000
+++ b/sys/dev/verified_exec.c   Sat Jul 02 15:50:08 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: verified_exec.c,v 1.5.2.7 2005/07/02 15:49:51 tron Exp $       */
+/*     $NetBSD: verified_exec.c,v 1.5.2.8 2005/07/02 15:50:08 tron Exp $       */
 
 /*-
  * Copyright 2005 Elad Efrat <elad%bsd.org.il@localhost>
@@ -31,9 +31,9 @@
 
 #include <sys/cdefs.h>
 #if defined(__NetBSD__)
-__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.5.2.7 2005/07/02 15:49:51 tron Exp $");
+__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.5.2.8 2005/07/02 15:50:08 tron Exp $");
 #else
-__RCSID("$Id: verified_exec.c,v 1.5.2.7 2005/07/02 15:49:51 tron Exp $\n$NetBSD: verified_exec.c,v 1.5.2.7 2005/07/02 15:49:51 tron Exp $");
+__RCSID("$Id: verified_exec.c,v 1.5.2.8 2005/07/02 15:50:08 tron Exp $\n$NetBSD: verified_exec.c,v 1.5.2.8 2005/07/02 15:50:08 tron Exp $");
 #endif
 
 #include <sys/param.h>
@@ -161,9 +161,9 @@
        /*
         * Don't allow updates in multi-user mode.
         */
-       if (securelevel >= 1) {
-               printf("Veriexec: veriexecioctl: Securelevel raised, loading"
-                      "fingerprints is not permitted\n");
+       if ((securelevel > 0) || (veriexec_strict > 0)) {
+               printf("Veriexec: veriexecioctl: Securelevel or strict "
+                      "mode, modifying veriexec tables is not permitted.\n"); 
 
                return (EPERM);
        }

Prev by Date: [src/netbsd-3]: src/etc Pull up revision 1.45 (requested by elad in ticket #4...
Next by Date: [src/netbsd-3]: src/sys/dev Pull up revision 1.15 (requested by elad in ticke...
Previous by Thread: [src/netbsd-3]: src/etc Pull up revision 1.45 (requested by elad in ticket #4...
Next by Thread: [src/netbsd-3]: src/sys/dev Pull up revision 1.15 (requested by elad in ticke...
Indexes:

Home | Main Index | Thread Index | Old Index