From: deraadt Date: Thu, 14 Jul 2016 15:39:40 +0000 (+0000) Subject: kern.usermount=1 is unsafe for everyone, since it allows any non-pledged X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=ae3255761c2f0fd5f127d9467fdc50fa571ae1c9;p=openbsd kern.usermount=1 is unsafe for everyone, since it allows any non-pledged program to call the mount/umount system calls. There is no way any user can be expected to keep their system safe / reliable with this feature. Ignore setting to =1, and after release we'll delete the sysctl entirely. ok lots of people --- diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c index 24c783637e2..d78d6d76de6 100644 --- a/sys/kern/kern_sysctl.c +++ b/sys/kern/kern_sysctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_sysctl.c,v 1.305 2016/05/27 19:45:04 deraadt Exp $ */ +/* $OpenBSD: kern_sysctl.c,v 1.306 2016/07/14 15:39:40 deraadt Exp $ */ /* $NetBSD: kern_sysctl.c,v 1.17 1996/05/20 17:49:05 mrg Exp $ */ /*- @@ -275,7 +275,7 @@ kern_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, int error, level, inthostid, stackgap; dev_t dev; extern int somaxconn, sominconn; - extern int usermount, nosuidcoredump; + extern int nosuidcoredump; extern int maxlocksperuid; extern int pool_debug; extern int uvm_wxabort; @@ -414,8 +414,10 @@ kern_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, return (sysctl_int(oldp, oldlenp, newp, newlen, &somaxconn)); case KERN_SOMINCONN: return (sysctl_int(oldp, oldlenp, newp, newlen, &sominconn)); - case KERN_USERMOUNT: - return (sysctl_int(oldp, oldlenp, newp, newlen, &usermount)); + case KERN_USERMOUNT: { + int usermount = 0; + return (sysctl_rdint(oldp, oldlenp, newp, usermount)); + } case KERN_ARND: { char buf[512]; diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index 0bb23b084a0..14d22ad9395 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vfs_syscalls.c,v 1.262 2016/07/12 20:53:04 millert Exp $ */ +/* $OpenBSD: vfs_syscalls.c,v 1.263 2016/07/14 15:39:40 deraadt Exp $ */ /* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */ /* @@ -63,7 +63,6 @@ #include extern int suid_clear; -int usermount = 0; /* sysctl: by default, users may not mount */ static int change_dir(struct nameidata *, struct proc *); @@ -116,7 +115,7 @@ sys_mount(struct proc *p, void *v, register_t *retval) struct vfsconf *vfsp; int flags = SCARG(uap, flags); - if (usermount == 0 && (error = suser(p, 0))) + if ((error = suser(p, 0))) return (error); /*