diff options
-rw-r--r-- | sys/dev/acpica/acpi.c | 12 | ||||
-rw-r--r-- | sys/dev/acpica/acpi_acad.c | 5 | ||||
-rw-r--r-- | sys/dev/acpica/acpi_battery.c | 6 | ||||
-rw-r--r-- | sys/dev/acpica/acpi_cmbat.c | 5 |
4 files changed, 27 insertions, 1 deletions
diff --git a/sys/dev/acpica/acpi.c b/sys/dev/acpica/acpi.c index 44ebe3d..9da9e6d 100644 --- a/sys/dev/acpica/acpi.c +++ b/sys/dev/acpica/acpi.c @@ -33,6 +33,7 @@ #include <sys/param.h> #include <sys/kernel.h> #include <sys/proc.h> +#include <sys/fcntl.h> #include <sys/malloc.h> #include <sys/bus.h> #include <sys/conf.h> @@ -487,7 +488,7 @@ acpi_attach(device_t dev) /* * Create the control device */ - sc->acpi_dev_t = make_dev(&acpi_cdevsw, 0, UID_ROOT, GID_WHEEL, 0600, + sc->acpi_dev_t = make_dev(&acpi_cdevsw, 0, UID_ROOT, GID_WHEEL, 0644, "acpi"); sc->acpi_dev_t->si_drv1 = sc; @@ -1844,6 +1845,15 @@ acpiioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, d_thread_t *td) } /* + * Core ioctls are not permitted for non-writable user. + * Currently, other ioctls just fetch information. + * Not changing system behavior. + */ + if(!(flag & FWRITE)){ + return EPERM; + } + + /* * Core system ioctls. */ switch (cmd) { diff --git a/sys/dev/acpica/acpi_acad.c b/sys/dev/acpica/acpi_acad.c index d7e8ebd..09bb149 100644 --- a/sys/dev/acpica/acpi_acad.c +++ b/sys/dev/acpica/acpi_acad.c @@ -195,6 +195,11 @@ acpi_acad_ioctl(u_long cmd, caddr_t addr, void *arg) return(ENXIO); } + /* + * No security check required: information retrieval only. If + * new functions are added here, a check might be required. + */ + switch (cmd) { case ACPIIO_ACAD_GET_STATUS: acpi_acad_get_status(dev); diff --git a/sys/dev/acpica/acpi_battery.c b/sys/dev/acpica/acpi_battery.c index 329d64a..e26aee1 100644 --- a/sys/dev/acpica/acpi_battery.c +++ b/sys/dev/acpica/acpi_battery.c @@ -138,6 +138,12 @@ acpi_battery_ioctl(u_long cmd, caddr_t addr, void *arg) ioctl_arg = (union acpi_battery_ioctl_arg *)addr; error = 0; + + /* + * No security check required: information retrieval only. If + * new functions are added here, a check might be required. + */ + switch (cmd) { case ACPIIO_BATT_GET_UNITS: *(int *)addr = acpi_battery_get_units(); diff --git a/sys/dev/acpica/acpi_cmbat.c b/sys/dev/acpica/acpi_cmbat.c index 804614c..1cfd584 100644 --- a/sys/dev/acpica/acpi_cmbat.c +++ b/sys/dev/acpica/acpi_cmbat.c @@ -405,6 +405,11 @@ acpi_cmbat_ioctl(u_long cmd, caddr_t addr, void *arg) return (ENXIO); } + /* + * No security check required: information retrieval only. If + * new functions are added here, a check might be required. + */ + switch (cmd) { case ACPIIO_CMBAT_GET_BIF: acpi_cmbat_get_bif(dev); |