I posted some patches on the 386bsd_patchkit list to prohibit io access.
Because of a noninitialised filed in the tss, this was possible.
It is included below as the patch to machdep.c
However, when you do this *necessary* fix (security), it will be
impossible form within user space to do io.
therefor, I included another fix: when you open /dev/io, you
get the access. Of course you can rewrite it to use another minor
and thus giving access to the iospace when /dev/mem is opened, e.g.
NOTE: The /dev/io entry has not been added to /dev/MAKEDEV yet.
The patch is in NetBSD.
profiling, and various protection checks that cause security holes
and system crashes.
* Changed min/max/bcmp/ffs/strlen to be static inline functions
- included from cpufunc.h in via systm.h. This change
improves performance in many parts of the kernel - up to 5% in the
networking layer alone. Note that this requires systm.h to be included
in any file that uses these functions otherwise it won't be able to
find them during the load.
* Fixed incorrect call to splx() in if_is.c
* Fixed bogus variable assignment to splx() in if_ed.c
argument definitions outside of the function parameter list. This is
to reduce the copious warning messages that (non-Jolitz) gcc produces.
Also fixed some bogus variable declarations and casts to make the
compiler happy.
way of doing things. There still remain several drivers that need to
be updated. Also added a compile-time option to pccons to switch the
control and caps-lock keys (REVERSE_CAPS_CTRL) - added for my personal
sanity.
