From 7906271f25e7b8823ab5b30dba9bf6d1ef03e2c1 Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Fri, 22 Mar 2002 14:58:27 +0000 Subject: [PATCH] In sysctl, req->td is believed always to be non-NULL, so there's no need to test req->td for NULL values and then do somewhat more bizarre things relating to securelevel special-casing and suser checks. Remove the testing and conditional security checks based on req->td!=NULL, and insert a KASSERT that td != NULL. Callers to sysctl must always specify the thread (be it kernel or otherwise) requesting the operation, or a number of current sysctls will fail due to assumptions that the thread exists. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs Discussed with: bde --- sys/kern/kern_sysctl.c | 32 +++++++++++++------------------- 1 file changed, 13 insertions(+), 19 deletions(-) diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c index 2b725ee4423..9942ca141e3 100644 --- a/sys/kern/kern_sysctl.c +++ b/sys/kern/kern_sysctl.c @@ -1067,32 +1067,26 @@ sysctl_root(SYSCTL_HANDLER_ARGS) if (req->newptr && !(oid->oid_kind & CTLFLAG_WR)) return (EPERM); + KASSERT(req->td != NULL, ("sysctl_root(): req->td == NULL")); + /* Is this sysctl sensitive to securelevels? */ if (req->newptr && (oid->oid_kind & CTLFLAG_SECURE)) { - if (req->td == NULL) { - error = securelevel_gt(NULL, 0); /* XXX */ - if (error) - return (error); - } else { - error = securelevel_gt(req->td->td_ucred, 0); - if (error) - return (error); - } + error = securelevel_gt(req->td->td_ucred, 0); + if (error) + return (error); } /* Is this sysctl writable by only privileged users? */ if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) { - if (req->td != NULL) { - int flags; + int flags; - if (oid->oid_kind & CTLFLAG_PRISON) - flags = PRISON_ROOT; - else - flags = 0; - error = suser_xxx(NULL, req->td->td_proc, flags); - if (error) - return (error); - } + if (oid->oid_kind & CTLFLAG_PRISON) + flags = PRISON_ROOT; + else + flags = 0; + error = suser_xxx(NULL, req->td->td_proc, flags); + if (error) + return (error); } if (!oid->oid_handler)