D54324.diff
diff --git a/sys/kern/kern_kexec.c b/sys/kern/kern_kexec.c
--- a/sys/kern/kern_kexec.c
+++ b/sys/kern/kern_kexec.c
@@ -342,7 +342,19 @@
{
int error;
- // FIXME: Do w need a better privilege check than PRIV_REBOOT here?
+/*
+ * XXX: Is PRIV_REBOOT sufficient here?
+ *
+ * Loading a new kernel image via kexec_load() is a more powerful operation
+ * than a traditional reboot, as it allows replacing the running kernel
+ * without returning to firmware or the bootloader.
+ *
+ * The current use of PRIV_REBOOT relies on the system security policy
+ * (e.g., MAC frameworks, jail restrictions) to further constrain access
+ * where appropriate. A more specific privilege (e.g., kexec-specific)
+ * could provide finer-grained control in environments requiring stricter
+ * separation of administrative capabilities.
+ */
error = priv_check(td, PRIV_REBOOT);
if (error != 0)
return (error);
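Review bot: the new block comment still opens with "XXX: Is PRIV_REBOOT sufficient here?", so the hunk replaces a FIXME with an equally open question rather than the settled rationale the revision title promises; the following paragraphs even argue that kexec_load() is more powerful than a reboot, which reads as a case against the check that is kept. Suggest either stating the decision plainly (PRIV_REBOOT is used because both operations surrender the running kernel to the holder of the privilege, and MAC and jail policy are expected to deny it where that is not acceptable) and dropping the XXX, or keeping the question but referencing where the kexec-specific privilege the comment mentions is being tracked so the marker does not linger. Also worth spelling out in the comment what the jail case does, since "jail restrictions" is named as a constraint without saying whether priv_check(td, PRIV_REBOOT) is denied for a jailed thread.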
D54324: kern: document rationale for PRIV_REBOOT usage in kexec_load