Use the same IOPL check as in syscons.
Reviewed by: pst, joerg
This commit is contained in:
bde
parent
93bc52bbfc
commit
1c0ab07a26
@ -38,7 +38,7 @@
|
||||
*
|
||||
* from: Utah $Hdr: mem.c 1.13 89/10/08$
|
||||
* from: @(#)mem.c 7.2 (Berkeley) 5/9/91
|
||||
* $Id$
|
||||
* $Id: mem.c,v 1.41 1997/02/22 09:32:33 peter Exp $
|
||||
*/
|
||||
|
||||
/*
|
||||
@ -169,6 +169,7 @@ mmopen(dev, flags, fmt, p)
|
||||
int fmt;
|
||||
struct proc *p;
|
||||
{
|
||||
int error;
|
||||
struct trapframe *fp;
|
||||
|
||||
switch (minor(dev)) {
|
||||
@ -179,6 +180,11 @@ mmopen(dev, flags, fmt, p)
|
||||
return ENODEV;
|
||||
#endif
|
||||
case 14:
|
||||
error = suser(p->p_ucred, &p->p_acflag);
|
||||
if (error != 0)
|
||||
return (error);
|
||||
if (securelevel > 0)
|
||||
return (EPERM);
|
||||
fp = (struct trapframe *)curproc->p_md.md_regs;
|
||||
fp->tf_eflags |= PSL_IOPL;
|
||||
break;
|
||||
|
||||
@ -38,7 +38,7 @@
|
||||
*
|
||||
* from: Utah $Hdr: mem.c 1.13 89/10/08$
|
||||
* from: @(#)mem.c 7.2 (Berkeley) 5/9/91
|
||||
* $Id$
|
||||
* $Id: mem.c,v 1.41 1997/02/22 09:32:33 peter Exp $
|
||||
*/
|
||||
|
||||
/*
|
||||
@ -169,6 +169,7 @@ mmopen(dev, flags, fmt, p)
|
||||
int fmt;
|
||||
struct proc *p;
|
||||
{
|
||||
int error;
|
||||
struct trapframe *fp;
|
||||
|
||||
switch (minor(dev)) {
|
||||
@ -179,6 +180,11 @@ mmopen(dev, flags, fmt, p)
|
||||
return ENODEV;
|
||||
#endif
|
||||
case 14:
|
||||
error = suser(p->p_ucred, &p->p_acflag);
|
||||
if (error != 0)
|
||||
return (error);
|
||||
if (securelevel > 0)
|
||||
return (EPERM);
|
||||
fp = (struct trapframe *)curproc->p_md.md_regs;
|
||||
fp->tf_eflags |= PSL_IOPL;
|
||||
break;
|
||||
|
||||
@ -1383,7 +1383,7 @@ vgapelinit(void)
|
||||
#if defined XSERVER && !PCVT_USL_VT_COMPAT
|
||||
/*----------------------------------------------------------------------*
|
||||
* initialize for X mode
|
||||
* i.e.: grant current process (the X server) all IO priviledges,
|
||||
* i.e.: grant current process (the X server) all IO privileges,
|
||||
* and mark in static variable so other hooks can test for it,
|
||||
* save all loaded fonts and screen pages to pageable buffers;
|
||||
* if parameter `on' is false, the same procedure is done reverse.
|
||||
@ -1403,7 +1403,7 @@ pcvt_xmode_set(int on, struct proc *p)
|
||||
struct syscframe *fp;
|
||||
#endif /* PCVT_NETBSD > 9 */
|
||||
|
||||
int i;
|
||||
int error, i;
|
||||
|
||||
/* X will only run on VGA and Hercules adaptors */
|
||||
|
||||
@ -1419,12 +1419,15 @@ pcvt_xmode_set(int on, struct proc *p)
|
||||
if(on)
|
||||
{
|
||||
/*
|
||||
* Test whether the calling process has super-user priviledges.
|
||||
* Test whether the calling process has super-user privileges
|
||||
* and we're in insecure mode.
|
||||
* This prevents us from granting the potential security hole
|
||||
* `IO priv' to any process (effective uid is checked).
|
||||
* `IO priv' to insufficiently privileged processes.
|
||||
*/
|
||||
|
||||
if(suser(p->p_ucred, &p->p_acflag) != 0)
|
||||
error = suser(p->p_ucred, &p->p_acflag);
|
||||
if (error != 0)
|
||||
return (error);
|
||||
if (securelevel > 0)
|
||||
return (EPERM);
|
||||
|
||||
if(pcvt_xmode)
|
||||
|
||||
@ -2681,6 +2681,7 @@ usl_vt_ioctl(Dev_t dev, int cmd, caddr_t data, int flag, struct proc *p)
|
||||
|
||||
case KDENABIO:
|
||||
/* grant the process IO access; only allowed if euid == 0 */
|
||||
/* and insecure */
|
||||
{
|
||||
|
||||
#if PCVT_NETBSD > 9 || PCVT_FREEBSD >= 200
|
||||
@ -2691,7 +2692,10 @@ usl_vt_ioctl(Dev_t dev, int cmd, caddr_t data, int flag, struct proc *p)
|
||||
struct syscframe *fp = (struct syscframe *)p->p_regs;
|
||||
#endif
|
||||
|
||||
if(suser(p->p_ucred, &p->p_acflag) != 0)
|
||||
error = suser(p->p_ucred, &p->p_acflag);
|
||||
if (error != 0)
|
||||
return (error);
|
||||
if (securelevel > 0)
|
||||
return (EPERM);
|
||||
|
||||
#if PCVT_NETBSD || (PCVT_FREEBSD && PCVT_FREEBSD > 102)
|
||||
|
||||
@ -149,6 +149,7 @@ spigot_attach(struct isa_device *devp)
|
||||
static int
|
||||
spigot_open(dev_t dev, int flags, int fmt, struct proc *p)
|
||||
{
|
||||
int error;
|
||||
struct spigot_softc *ss = (struct spigot_softc *)&spigot_softc[UNIT(dev)];
|
||||
|
||||
if((ss->flags & ALIVE) == 0)
|
||||
@ -158,8 +159,16 @@ struct spigot_softc *ss = (struct spigot_softc *)&spigot_softc[UNIT(dev)];
|
||||
return EBUSY;
|
||||
|
||||
#if !defined(SPIGOT_UNSECURE)
|
||||
/* Since we can't map the i/o page, don't allow open unless suser */
|
||||
if(suser(p->p_ucred, &p->p_acflag) != 0)
|
||||
/*
|
||||
* Don't allow open() unless the process has sufficient privileges,
|
||||
* since mapping the i/o page and granting i/o privilege would
|
||||
* require sufficient privilege soon and nothing much can be done
|
||||
* without them.
|
||||
*/
|
||||
error = suser(p->p_ucred, &p->p_acflag);
|
||||
if (error != 0)
|
||||
return error;
|
||||
if (securelevel > 0)
|
||||
return EPERM;
|
||||
#endif
|
||||
|
||||
@ -216,6 +225,8 @@ struct spigot_info *info;
|
||||
error = suser(p->p_ucred, &p->p_acflag);
|
||||
if (error != 0)
|
||||
return error;
|
||||
if (securelevel > 0)
|
||||
return EPERM;
|
||||
#endif
|
||||
fp=(struct trapframe *)p->p_md.md_regs;
|
||||
fp->tf_eflags |= PSL_IOPL;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user