authorbde <bde@FreeBSD.org>1997-04-14 15:54:39 +0000
committerbde <bde@FreeBSD.org>1997-04-14 15:54:39 +0000
commit1c0ab07a266f3b071ce84f79a038cb7ef340396b (patch)
tree13ae33e7ddec4a2869ffe451e056d82bcfa9375f
parent93bc52bbfc3efe16fd656b69eca9a3d6ee133b39 (diff)
Use the same IOPL check as in syscons.
Reviewed by: pst, joerg
-rw-r--r--sys/amd64/amd64/mem.c8
-rw-r--r--sys/i386/i386/mem.c8
-rw-r--r--sys/i386/isa/pcvt/pcvt_drv.c15
-rw-r--r--sys/i386/isa/pcvt/pcvt_ext.c6
-rw-r--r--sys/i386/isa/spigot.c15
5 files changed, 41 insertions, 11 deletions
diff --git a/sys/amd64/amd64/mem.c b/sys/amd64/amd64/mem.c
index a6e4cc5..9fb1525 100644
--- a/sys/amd64/amd64/mem.c
+++ b/sys/amd64/amd64/mem.c
@@ -38,7 +38,7 @@
*
* from: Utah $Hdr: mem.c 1.13 89/10/08$
* from: @(#)mem.c 7.2 (Berkeley) 5/9/91
- * $Id$
+ * $Id: mem.c,v 1.41 1997/02/22 09:32:33 peter Exp $
*/
/*
@@ -169,6 +169,7 @@ mmopen(dev, flags, fmt, p)
int fmt;
struct proc *p;
{
+ int error;
struct trapframe *fp;
switch (minor(dev)) {
@@ -179,6 +180,11 @@ mmopen(dev, flags, fmt, p)
return ENODEV;
#endif
case 14:
+ error = suser(p->p_ucred, &p->p_acflag);
+ if (error != 0)
+ return (error);
+ if (securelevel > 0)
+ return (EPERM);
fp = (struct trapframe *)curproc->p_md.md_regs;
fp->tf_eflags |= PSL_IOPL;
break;
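Review bot: In `case 14` the new privilege test is made against `p`, but the line that sets `PSL_IOPL` still takes the trapframe from `curproc`. The two are presumably the same process on every open path, but the check and the grant should name the same one so they cannot drift apart. spigot.c in this commit already uses `p`, and the same form works here: `fp = (struct trapframe *)p->p_md.md_regs;`. The identical hunk in sys/i386/i386/mem.c has the same mismatch. mmopen's body starts and ends outside the hunk.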
diff --git a/sys/i386/i386/mem.c b/sys/i386/i386/mem.c
index a6e4cc5..9fb1525 100644
--- a/sys/i386/i386/mem.c
+++ b/sys/i386/i386/mem.c
@@ -38,7 +38,7 @@
*
* from: Utah $Hdr: mem.c 1.13 89/10/08$
* from: @(#)mem.c 7.2 (Berkeley) 5/9/91
- * $Id$
+ * $Id: mem.c,v 1.41 1997/02/22 09:32:33 peter Exp $
*/
/*
@@ -169,6 +169,7 @@ mmopen(dev, flags, fmt, p)
int fmt;
struct proc *p;
{
+ int error;
struct trapframe *fp;
switch (minor(dev)) {
@@ -179,6 +180,11 @@ mmopen(dev, flags, fmt, p)
return ENODEV;
#endif
case 14:
+ error = suser(p->p_ucred, &p->p_acflag);
+ if (error != 0)
+ return (error);
+ if (securelevel > 0)
+ return (EPERM);
fp = (struct trapframe *)curproc->p_md.md_regs;
fp->tf_eflags |= PSL_IOPL;
break;
diff --git a/sys/i386/isa/pcvt/pcvt_drv.c b/sys/i386/isa/pcvt/pcvt_drv.c
index e5abe05..506603a 100644
--- a/sys/i386/isa/pcvt/pcvt_drv.c
+++ b/sys/i386/isa/pcvt/pcvt_drv.c
@@ -1383,7 +1383,7 @@ vgapelinit(void)
#if defined XSERVER && !PCVT_USL_VT_COMPAT
/*----------------------------------------------------------------------*
* initialize for X mode
- * i.e.: grant current process (the X server) all IO priviledges,
+ * i.e.: grant current process (the X server) all IO privileges,
* and mark in static variable so other hooks can test for it,
* save all loaded fonts and screen pages to pageable buffers;
* if parameter `on' is false, the same procedure is done reverse.
@@ -1403,7 +1403,7 @@ pcvt_xmode_set(int on, struct proc *p)
struct syscframe *fp;
#endif /* PCVT_NETBSD > 9 */
- int i;
+ int error, i;
/* X will only run on VGA and Hercules adaptors */
@@ -1419,12 +1419,15 @@ pcvt_xmode_set(int on, struct proc *p)
if(on)
{
/*
- * Test whether the calling process has super-user priviledges.
+ * Test whether the calling process has super-user privileges
+ * and we're in insecure mode.
* This prevents us from granting the potential security hole
- * `IO priv' to any process (effective uid is checked).
+ * `IO priv' to insufficiently privileged processes.
*/
-
- if(suser(p->p_ucred, &p->p_acflag) != 0)
+ error = suser(p->p_ucred, &p->p_acflag);
+ if (error != 0)
+ return (error);
+ if (securelevel > 0)
return (EPERM);
if(pcvt_xmode)
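Review bot: The two-step test added under `if(on)` (`suser()` followed by `securelevel > 0`) is the same sequence this commit adds in both mem.c files, pcvt_ext.c and spigot.c, so several hand-written copies now have to stay in step with syscons. A small shared helper that returns the errno, for example `int iopl_allowed(struct proc *p)` (the name is only a suggestion), would keep the IOPL policy in one place and make a later change to it a one-line edit. pcvt_xmode_set's body starts and ends outside the hunk.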
diff --git a/sys/i386/isa/pcvt/pcvt_ext.c b/sys/i386/isa/pcvt/pcvt_ext.c
index 11a6b1e..be6a016 100644
--- a/sys/i386/isa/pcvt/pcvt_ext.c
+++ b/sys/i386/isa/pcvt/pcvt_ext.c
@@ -2681,6 +2681,7 @@ usl_vt_ioctl(Dev_t dev, int cmd, caddr_t data, int flag, struct proc *p)
case KDENABIO:
/* grant the process IO access; only allowed if euid == 0 */
+ /* and insecure */
{
#if PCVT_NETBSD > 9 || PCVT_FREEBSD >= 200
@@ -2691,7 +2692,10 @@ usl_vt_ioctl(Dev_t dev, int cmd, caddr_t data, int flag, struct proc *p)
struct syscframe *fp = (struct syscframe *)p->p_regs;
#endif
- if(suser(p->p_ucred, &p->p_acflag) != 0)
+ error = suser(p->p_ucred, &p->p_acflag);
+ if (error != 0)
+ return (error);
+ if (securelevel > 0)
return (EPERM);
#if PCVT_NETBSD || (PCVT_FREEBSD && PCVT_FREEBSD > 102)
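Review bot: `error` is assigned in the KDENABIO branch, but this file's hunks add no declaration for it, unlike the other four files in the commit. usl_vt_ioctl presumably already declares an `int error` outside the hunk; it is worth confirming that, and that no value held in it is still needed once this branch overwrites it. The one-line comment added above could also be spelled out, e.g. `/* grant the process IO access; only allowed if euid == 0 and securelevel <= 0 */`.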
diff --git a/sys/i386/isa/spigot.c b/sys/i386/isa/spigot.c
index 2643166..c149895 100644
--- a/sys/i386/isa/spigot.c
+++ b/sys/i386/isa/spigot.c
@@ -149,6 +149,7 @@ spigot_attach(struct isa_device *devp)
static int
spigot_open(dev_t dev, int flags, int fmt, struct proc *p)
{
+int error;
struct spigot_softc *ss = (struct spigot_softc *)&spigot_softc[UNIT(dev)];
if((ss->flags & ALIVE) == 0)
@@ -158,8 +159,16 @@ struct spigot_softc *ss = (struct spigot_softc *)&spigot_softc[UNIT(dev)];
return EBUSY;
#if !defined(SPIGOT_UNSECURE)
- /* Since we can't map the i/o page, don't allow open unless suser */
- if(suser(p->p_ucred, &p->p_acflag) != 0)
+ /*
+ * Don't allow open() unless the process has sufficient privileges,
+ * since mapping the i/o page and granting i/o privilege would
+ * require sufficient privilege soon and nothing much can be done
+ * without them.
+ */
+ error = suser(p->p_ucred, &p->p_acflag);
+ if (error != 0)
+ return error;
+ if (securelevel > 0)
return EPERM;
#endif
@@ -216,6 +225,8 @@ struct spigot_info *info;
error = suser(p->p_ucred, &p->p_acflag);
if (error != 0)
return error;
+ if (securelevel > 0)
+ return EPERM;
#endif
fp=(struct trapframe *)p->p_md.md_regs;
fp->tf_eflags |= PSL_IOPL;
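Review bot: The added `securelevel > 0` test sits directly above an `#endif`, so it appears to be compiled out together with the `suser()` call whenever the guarding option is defined. The matching `#if` is outside the hunk, but the open path in this file uses `#if !defined(SPIGOT_UNSECURE)`; if that is the guard here too, a kernel built with that option sets `PSL_IOPL` for any process that can open the device, at any securelevel. Consider moving the two added lines below the `#endif` so the securelevel rule holds regardless of the option, and add a comment next to the guard stating what the option turns off.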