From 7f843ef3b2b080c178bda7135de64c6276416eb3 Mon Sep 17 00:00:00 2001
From: Andreas Kling <awesomekling@gmail.com>
Date: Thu, 2 Jan 2020 13:37:23 +0100
Subject: [PATCH] Kernel: Make the purge() syscall superuser-only

I don't think we need to give unprivileged users access to what is
essentially a kernel testing mechanism.
---
 Base/usr/share/man/man8/purge.md | 2 +-
 Kernel/Process.cpp               | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/Base/usr/share/man/man8/purge.md b/Base/usr/share/man/man8/purge.md
index 4ff224e9da8..b49bb61f239 100644
--- a/Base/usr/share/man/man8/purge.md
+++ b/Base/usr/share/man/man8/purge.md
@@ -23,6 +23,6 @@ If no options are specified, all possible memory is released.
 ## Examples
 
 ```sh
-$ purge
+# purge
 Purged page count: 744
 ```
diff --git a/Kernel/Process.cpp b/Kernel/Process.cpp
index 6d601a9e4b4..06667942909 100644
--- a/Kernel/Process.cpp
+++ b/Kernel/Process.cpp
@@ -463,6 +463,8 @@ int Process::sys$madvise(void* address, size_t size, int advice)
 
 int Process::sys$purge(int mode)
 {
+    if (!is_superuser())
+        return -EPERM;
     int purged_page_count = 0;
     if (mode & PURGE_ALL_VOLATILE) {
         NonnullRefPtrVector<PurgeableVMObject> vmobjects;