Make the comments a little more clear about PRIV_KMEM_*, explicitly

referring to /dev/[k]mem and noting it's about opening the files rather than actually reading and writing. Reviewed by: jmallett
2013-07-06 00:10:52 +00:00 · 2013-07-06 00:10:52 +00:00 · 1e7df84305
commit 1e7df84305
parent d36ed80a7b
2 changed files with 6 additions and 5 deletions
--- a/sys/kern/kern_priv.c
+++ b/sys/kern/kern_priv.c
@ -142,8 +142,9 @@ priv_check_cred(struct ucred *cred, int priv, int flags)
 	}

 	/*
-	 * Writes to kernel memory are a typical root-only operation,
-	 * but non-root users are expected to be able to read it.
+	 * Writes to kernel/physical memory are a typical root-only operation,
+	 * but non-root users are expected to be able to read it (provided they
+	 * have permission to access /dev/[k]mem).
 	 */
 	if (priv == PRIV_KMEM_READ) {
 		error = 0;
--- a/sys/sys/priv.h
+++ b/sys/sys/priv.h
@ -494,10 +494,10 @@
 #define	PRIV_RCTL_REMOVE_RULE	674

 /*
- * Kernel memory privileges.
+ * mem(4) privileges.
 */
-#define	PRIV_KMEM_READ		680	/* Read from kernel memory. */
-#define	PRIV_KMEM_WRITE		681	/* Write to kernel memory. */
+#define	PRIV_KMEM_READ		680	/* Open mem/kmem for reading. */
+#define	PRIV_KMEM_WRITE		681	/* Open mem/kmem for writing. */

 /*
 * Track end of privilege list.