Module Name: src
Committed By: jym
Date: Mon Jan 28 00:51:30 UTC 2013
Modified Files:
src/sys/secmodel/extensions: secmodel_extensions.c
src/sys/secmodel/securelevel: secmodel_securelevel.c
Log Message:
Re-instate backwards compatible security.models.bsd44.{curtain,securelevel}.
They were mistakenly removed when curtain and securelevel moved to
secmodel_extensions(9).
Reported by tls@ on tech-security@.
XXX will ask for pull-up for -6.
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/sys/secmodel/extensions/secmodel_extensions.c
cvs rdiff -u -r1.28 -r1.29 \
src/sys/secmodel/securelevel/secmodel_securelevel.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/secmodel/extensions/secmodel_extensions.c
diff -u src/sys/secmodel/extensions/secmodel_extensions.c:1.3 src/sys/secmodel/extensions/secmodel_extensions.c:1.4
--- src/sys/secmodel/extensions/secmodel_extensions.c:1.3 Tue Mar 13 18:41:01 2012
+++ src/sys/secmodel/extensions/secmodel_extensions.c Mon Jan 28 00:51:29 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_extensions.c,v 1.3 2012/03/13 18:41:01 elad Exp $ */
+/* $NetBSD: secmodel_extensions.c,v 1.4 2013/01/28 00:51:29 jym Exp $ */
/*-
* Copyright (c) 2011 Elad Efrat <[email protected]>
* All rights reserved.
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.3 2012/03/13 18:41:01 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.4 2013/01/28 00:51:29 jym Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -73,7 +73,7 @@ static int secmodel_extensions_network_c
static void
sysctl_security_extensions_setup(struct sysctllog **clog)
{
- const struct sysctlnode *rnode;
+ const struct sysctlnode *rnode, *rnode2;
sysctl_createv(clog, 0, NULL, &rnode,
CTLFLAG_PERMANENT,
@@ -87,6 +87,23 @@ sysctl_security_extensions_setup(struct
NULL, 0, NULL, 0,
CTL_CREATE, CTL_EOL);
+ /* Compatibility: security.models.bsd44 */
+ rnode2 = rnode;
+ sysctl_createv(clog, 0, &rnode2, &rnode2,
+ CTLFLAG_PERMANENT,
+ CTLTYPE_NODE, "bsd44", NULL,
+ NULL, 0, NULL, 0,
+ CTL_CREATE, CTL_EOL);
+
+ /* Compatibility: security.models.bsd44.curtain */
+ sysctl_createv(clog, 0, &rnode2, NULL,
+ CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+ CTLTYPE_INT, "curtain",
+ SYSCTL_DESCR("Curtain information about objects to "\
+ "users not owning them."),
+ sysctl_extensions_curtain_handler, 0, &curtain, 0,
+ CTL_CREATE, CTL_EOL);
+
sysctl_createv(clog, 0, &rnode, &rnode,
CTLFLAG_PERMANENT,
CTLTYPE_NODE, "extensions", NULL,
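Review bot: The result of the `bsd44` node's `sysctl_createv()` call is discarded, so the writable `curtain` alias is created through `&rnode2` whether or not its parent node exists. The visible neighbouring calls in this function ignore the result too, so this matches the file's style, but where the leaf ends up after a failed parent creation cannot be determined from this hunk. I would guard the leaf on the parent's result, for example by wrapping the `curtain` call in `if (sysctl_createv(clog, 0, &rnode2, &rnode2, /* same arguments */) == 0)`. The same applies to the `bsd44`/`securelevel` pair added in secmodel_securelevel.c. sysctl_security_extensions_setup() begins and ends outside this hunk.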
Index: src/sys/secmodel/securelevel/secmodel_securelevel.c
diff -u src/sys/secmodel/securelevel/secmodel_securelevel.c:1.28 src/sys/secmodel/securelevel/secmodel_securelevel.c:1.29
--- src/sys/secmodel/securelevel/secmodel_securelevel.c:1.28 Wed Jun 27 10:15:25 2012
+++ src/sys/secmodel/securelevel/secmodel_securelevel.c Mon Jan 28 00:51:30 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_securelevel.c,v 1.28 2012/06/27 10:15:25 cheusov Exp $ */
+/* $NetBSD: secmodel_securelevel.c,v 1.29 2013/01/28 00:51:30 jym Exp $ */
/*-
* Copyright (c) 2006 Elad Efrat <[email protected]>
* All rights reserved.
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.28 2012/06/27 10:15:25 cheusov Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.29 2013/01/28 00:51:30 jym Exp $");
#ifdef _KERNEL_OPT
#include "opt_insecure.h"
@@ -95,7 +95,7 @@ secmodel_securelevel_sysctl(SYSCTLFN_ARG
void
sysctl_security_securelevel_setup(struct sysctllog **clog)
{
- const struct sysctlnode *rnode;
+ const struct sysctlnode *rnode, *rnode2;
sysctl_createv(clog, 0, NULL, &rnode,
CTLFLAG_PERMANENT,
@@ -109,6 +109,22 @@ sysctl_security_securelevel_setup(struct
NULL, 0, NULL, 0,
CTL_CREATE, CTL_EOL);
+ /* Compatibility: security.models.bsd44 */
+ rnode2 = rnode;
+ sysctl_createv(clog, 0, &rnode2, &rnode2,
+ CTLFLAG_PERMANENT,
+ CTLTYPE_NODE, "bsd44", NULL,
+ NULL, 0, NULL, 0,
+ CTL_CREATE, CTL_EOL);
+
+ /* Compatibility: security.models.bsd44.securelevel */
+ sysctl_createv(clog, 0, &rnode2, NULL,
+ CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+ CTLTYPE_INT, "securelevel",
+ SYSCTL_DESCR("System security level"),
+ secmodel_securelevel_sysctl, 0, NULL, 0,
+ CTL_CREATE, CTL_EOL);
+
sysctl_createv(clog, 0, &rnode, &rnode,
CTLFLAG_PERMANENT,
CTLTYPE_NODE, "securelevel", NULL,
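Review bot: The compat leaf `security.models.bsd44.securelevel` is a second read-write path to the security level, and nothing in the added code records that it must stay in step with the primary leaf. Any restriction on changing the level has to come from `secmodel_securelevel_sysctl` being registered identically under both names. The primary leaf is created outside this hunk, so it is worth confirming that it passes the same `secmodel_securelevel_sysctl, 0, NULL, 0` arguments. I would extend the comment to state the constraint, e.g. `/* Compatibility alias: keep handler and arguments identical to the primary securelevel leaf */`. sysctl_security_securelevel_setup() begins and ends outside this hunk.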