author | jamie <jamie@FreeBSD.org> | 2013-07-05 21:31:16 +0000 |
---|---|---|
committer | jamie <jamie@FreeBSD.org> | 2013-07-05 21:31:16 +0000 |
commit | 33714247f6f8142b4840d7f4b94a28921bcf2076 (patch) | |
tree | 27053ab76be2f31865a9a3cba2472860fcc9f592 /sys/kern/kern_priv.c | |
parent | be7444451060bb6bbf361f251d66c2a5c689d37f (diff) | |
Add new privileges, PRIV_KMEM_READ and PRIV_KMEM_WRITE, used in opening
/dev/kmem and /dev/mem (in addition to traditional file permission checks).
PRIV_KMEM_READ is different from other PRIV_* checks in that it's allowed
by default.
Reviewed by: kib, mckusick
Diffstat (limited to 'sys/kern/kern_priv.c')
-rw-r--r-- | sys/kern/kern_priv.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/sys/kern/kern_priv.c b/sys/kern/kern_priv.c index fcd5993..204e00b 100644 --- a/sys/kern/kern_priv.c +++ b/sys/kern/kern_priv.c @@ -142,6 +142,15 @@ priv_check_cred(struct ucred *cred, int priv, int flags) } /* + * Writes to kernel memory are a typical root-only operation, + * but non-root users are expected to be able to read it. + */ + if (priv == PRIV_KMEM_READ) { + error = 0; + goto out; + } + + /* * Now check with MAC, if enabled, to see if a policy module grants * privilege. */ |
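Review bot: The new `if (priv == PRIV_KMEM_READ)` branch sets `error = 0` and jumps to `out` for every credential without consulting `cred` or `flags`, so for reads the privilege check restricts nothing and the file permissions on /dev/kmem and /dev/mem remain the only gate. The comment should say that directly (allowed by default, as the commit message puts it) rather than "non-root users are expected to be able to read it", and should note that PRIV_KMEM_WRITE is intentionally not handled here and falls through to the MAC grant check below. Because the branch sits above the "Now check with MAC" block, it would also help to state in the comment whether the checks earlier in priv_check_cred, which this hunk does not show, are still meant to be able to deny PRIV_KMEM_READ before this point is reached.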