Dike out a highly insecure UCONSOLE option.

TIOCCONS must be able to VOP_ACCESS() /dev/console to succeed. Obtained from: OpenBSD
2002-04-03 10:56:59 +00:00 · 2002-04-03 10:56:59 +00:00 · 12c79eb288
commit 12c79eb288
parent 5cb87b0c59
14 changed files with 14 additions and 23 deletions
--- a/sys/alpha/conf/GENERIC
+++ b/sys/alpha/conf/GENERIC
@ -63,7 +63,6 @@ options 	PROCFS			#Process filesystem (requires PSEUDOFS)
 options 	PSEUDOFS		#Pseudo-filesystem framework
 options 	COMPAT_43		#Compatible with BSD 4.3 [KEEP THIS!]
 options 	SCSI_DELAY=15000	#Delay (in ms) before probing SCSI 
-options 	UCONSOLE		#Allow users to grab the console
 options 	KTRACE			#ktrace(1) syscall trace support
 options 	SYSVSHM			#SYSV-style shared memory
 options 	SYSVMSG			#SYSV-style message queues
--- a/sys/alpha/conf/NOTES
+++ b/sys/alpha/conf/NOTES
@ -63,7 +63,6 @@ options 	PROCFS			#Process filesystem (requires PSEUDOFS)
 options 	PSEUDOFS		#Pseudo-filesystem framework
 options 	COMPAT_43		#Compatible with BSD 4.3 [KEEP THIS!]
 options 	SCSI_DELAY=15000	#Delay (in ms) before probing SCSI 
-options 	UCONSOLE		#Allow users to grab the console
 options 	KTRACE			#ktrace(1) syscall trace support
 options 	SYSVSHM			#SYSV-style shared memory
 options 	SYSVMSG			#SYSV-style message queues
--- a/sys/alpha/conf/SIMOS
+++ b/sys/alpha/conf/SIMOS
@ -31,7 +31,6 @@ options 	PROCFS			#Process filesystem (requires PSEUDOFS)
 options 	PSEUDOFS		#Pseudo-filesystem framework
 options 	"COMPAT_43"		#Compatible with BSD 4.3 [KEEP THIS!]
 options 	SCSI_DELAY=100		#Be pessimistic about Joe SCSI device
-options 	UCONSOLE		#Allow users to grab the console

 config		kernel

--- a/sys/amd64/conf/GENERIC
+++ b/sys/amd64/conf/GENERIC
@ -44,7 +44,6 @@ options 	PROCFS			#Process filesystem (requires PSEUDOFS)
 options 	PSEUDOFS		#Pseudo-filesystem framework
 options 	COMPAT_43		#Compatible with BSD 4.3 [KEEP THIS!]
 options 	SCSI_DELAY=15000	#Delay (in ms) before probing SCSI
-options 	UCONSOLE		#Allow users to grab the console
 #options 	USERCONFIG		#boot -c editor
 #options 	VISUAL_USERCONFIG	#visual boot -c editor
 options 	KTRACE			#ktrace(1) support
--- a/sys/conf/NOTES
+++ b/sys/conf/NOTES
@ -427,10 +427,6 @@ options 	PERFMON
 options 	COMPILING_LINT


-# XXX - this doesn't belong here.
-# Allow ordinary users to take the console - this is useful for X.
-options 	UCONSOLE
-
 # XXX - this doesn't belong here either
 #options 	USERCONFIG		#boot -c editor
 #options 	INTRO_USERCONFIG	#imply -c and show intro screen
--- a/sys/conf/options
+++ b/sys/conf/options
@ -97,7 +97,6 @@ MSGMNI		opt_sysvipc.h
 MSGSEG		opt_sysvipc.h
 MSGSSZ		opt_sysvipc.h
 MSGTQL		opt_sysvipc.h
-UCONSOLE
 VFS_AIO

 # POSIX kernel options
--- a/sys/i386/conf/GENERIC
+++ b/sys/i386/conf/GENERIC
@ -44,7 +44,6 @@ options 	PROCFS			#Process filesystem (requires PSEUDOFS)
 options 	PSEUDOFS		#Pseudo-filesystem framework
 options 	COMPAT_43		#Compatible with BSD 4.3 [KEEP THIS!]
 options 	SCSI_DELAY=15000	#Delay (in ms) before probing SCSI
-options 	UCONSOLE		#Allow users to grab the console
 #options 	USERCONFIG		#boot -c editor
 #options 	VISUAL_USERCONFIG	#visual boot -c editor
 options 	KTRACE			#ktrace(1) support
--- a/sys/i386/conf/NEWCARD
+++ b/sys/i386/conf/NEWCARD
@ -48,7 +48,6 @@ options 	PROCFS			#Process filesystem (requires PSEUDOFS)
 options 	PSEUDOFS		#Pseudo-filesystem framework
 options 	COMPAT_43		#Compatible with BSD 4.3 [KEEP THIS!]
 options 	SCSI_DELAY=15000	#Delay (in ms) before probing SCSI
-options 	UCONSOLE		#Allow users to grab the console
 #options 	USERCONFIG		#boot -c editor
 #options 	VISUAL_USERCONFIG	#visual boot -c editor
 options 	KTRACE			#ktrace(1) support
--- a/sys/i386/conf/NOTES
+++ b/sys/i386/conf/NOTES
@ -427,10 +427,6 @@ options 	PERFMON
 options 	COMPILING_LINT


-# XXX - this doesn't belong here.
-# Allow ordinary users to take the console - this is useful for X.
-options 	UCONSOLE
-
 # XXX - this doesn't belong here either
 #options 	USERCONFIG		#boot -c editor
 #options 	INTRO_USERCONFIG	#imply -c and show intro screen
--- a/sys/ia64/conf/GENERIC
+++ b/sys/ia64/conf/GENERIC
@ -48,7 +48,6 @@ options 	PROCFS			#Process filesystem (requires PSEUDOFS)
 options 	PSEUDOFS		#Pseudo-filesystem framework
 options 	COMPAT_43		#Compatible with BSD 4.3 [KEEP THIS!]
 options 	SCSI_DELAY=15000	#Delay (in ms) before probing SCSI 
-options 	UCONSOLE		#Allow users to grab the console
 options 	KTRACE			#ktrace(1) syscall trace support
 options 	SYSVSHM			#SYSV-style shared memory
 options 	SYSVMSG			#SYSV-style message queues
--- a/sys/ia64/conf/SKI
+++ b/sys/ia64/conf/SKI
@ -47,7 +47,6 @@ options 	PROCFS			#Process filesystem (requires PSEUDOFS)
 options 	PSEUDOFS		#Pseudo-filesystem framework
 options 	COMPAT_43		#Compatible with BSD 4.3 [KEEP THIS!]
 options 	SCSI_DELAY=2000		#Delay (in ms) before probing SCSI 
-options 	UCONSOLE		#Allow users to grab the console
 options 	KTRACE			#ktrace(1) syscall trace support
 options 	SYSVSHM			#SYSV-style shared memory
 options 	SYSVMSG			#SYSV-style message queues
--- a/sys/kern/tty.c
+++ b/sys/kern/tty.c
@ -68,13 +68,13 @@
 */

 #include "opt_compat.h"
-#include "opt_uconsole.h"

 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/filio.h>
 #include <sys/lock.h>
 #include <sys/mutex.h>
+#include <sys/namei.h>
 #include <sys/sx.h>
 #if defined(COMPAT_43) || defined(COMPAT_SUNOS)
 #include <sys/ioctl_compat.h>
@ -849,13 +849,23 @@ ttioctl(tp, cmd, data, flag)
 	}
 	case TIOCCONS:			/* become virtual console */
 		if (*(int *)data) {
+			struct nameidata nid;
+
 			if (constty && constty != tp &&
 			    ISSET(constty->t_state, TS_CONNECTED))
 				return (EBUSY);
-#ifndef	UCONSOLE
-			if ((error = suser(td)) != 0)
+
+			/* Ensure user can open the real console. */
+			NDINIT(&nid, LOOKUP, LOCKLEAF | FOLLOW, UIO_SYSSPACE,
+			    "/dev/console", td);
+			if ((error = namei(&nid)) != 0)
 				return (error);
-#endif
+			NDFREE(&nid, NDF_ONLY_PNBUF);
+			error = VOP_ACCESS(nid.ni_vp, VREAD, td->td_ucred, td);
+			vput(nid.ni_vp);
+			if (error)
+				return (error);
+
 			constty = tp;
 		} else if (tp == constty)
 			constty = NULL;
--- a/sys/pc98/conf/GENERIC
+++ b/sys/pc98/conf/GENERIC
@ -49,7 +49,6 @@ options 	COMPAT_43		#Compatible with BSD 4.3 [KEEP THIS!]
 options 	SCSI_DELAY=15000	#Delay (in ms) before probing SCSI
 options 	EPSON_BOUNCEDMA		#use bounce buufer for 15-16M
 #options 	EPSON_MEMWIN		#EPSON memory window support
-options 	UCONSOLE		#Allow users to grab the console
 #options 	LINE30
 #options 	USERCONFIG		#boot -c editor
 #options 	VISUAL_USERCONFIG	#visual boot -c editor
--- a/sys/sparc64/conf/GENERIC
+++ b/sys/sparc64/conf/GENERIC
@ -49,7 +49,6 @@ options 	PROCFS			#Process filesystem (requires PSEUDOFS)
 options 	PSEUDOFS		#Pseudo-filesystem framework
 options 	COMPAT_43		#Compatible with BSD 4.3 [KEEP THIS!]
 #options 	SCSI_DELAY=15000	#Delay (in ms) before probing SCSI 
-#options 	UCONSOLE		#Allow users to grab the console
 options 	KTRACE			#ktrace(1) syscall trace support
 options 	SYSVSHM			#SYSV-style shared memory
 options 	SYSVMSG			#SYSV-style message queues