From owner-freebsd-security Sun Jan 21 12:52:50 2001
Date: Sun, 21 Jan 2001 21:52:25 +0100
From: Thomas Moestl
To: freebsd-security@freebsd.org
Subject: aperture driver for FreeBSD
Message-ID: <20010121215225.A2033@crow.dom2ip.de>

Hi,

as I have mentioned some time ago on this list, I have been porting the XFree86/OpenBSD aperture "driver" to FreeBSD.

For those who do not know, the OpenBSD aperture driver enables running X even when the securelevel is raised by allowing access to the memory range from 0xa0000 to 0xfffff (via /dev/mem) and to all io ports (via i386_iopl).

I have extended the concept to allow a list of io and memory regions for which access is allowed. These regions are settable via a machdep sysctl (the implementation is currently only for the i386 arch, but should be relatively easy to port). Another sysctl knob is used to turn the aperture driver on and off, and set the mode. There are currently two modes defined, one gives access to the io regions as defined in the respective sysctl when a process opens /dev/io (using the io permission bitmap), and the second will give full port access (using IOPL). The second mode is needed because some XFree86 drivers use cli and sti (ugh!), but it is obviously less secure.

A great disadvantage of the first mode is that processes will just get a SIGBUS when trying to access a forbidden port (even when they have opened /dev/io, which should guarantee full io privileges). This is admittedly unclean; the relevant applications should be changed to use i386_set_ioperm (which was modified to allow access to the specified port ranges even when securelevel is raised, provided that the aperture driver was enabled via the respective sysctl). This change is apparently very non-trivial for X. Unfortunately, it is also not easy to figure out the port ranges X wants to access for a specified driver; using only the detected io range for the card (plus maybe some static additions) will not work for at least some drivers.

The patch is at http://www.tu-bs.de/~y0015675/aperture.diff , and a little additional info can be found at http://www.tu-bs.de/~y0015675/README.aperture

Any comments? Any chance that this can go in someday?

- thomas
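The first mode in the message above relies on the x86 I/O permission bitmap, where a set bit makes a user-mode access to that port fault. As an added illustration (not code from the patch; the struct, the function names and the sample region are assumptions), this C example builds a deny-by-default bitmap from an allow-list of port regions and checks accesses against it:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define IO_PORTS 65536u

/* Hypothetical allow-list entry: ports [base, base + len) are permitted. */
struct io_region { uint32_t base, len; };

/* x86 I/O permission bitmap: one bit per port, 1 = trap, 0 = allowed. */
static uint8_t iomap[IO_PORTS / 8];

/* Start from deny-all and clear the bits of each allowed region.
 * A region outside the port space fails closed: -1, everything denied. */
int iomap_build(const struct io_region *r, size_t n)
{
    memset(iomap, 0xff, sizeof(iomap));
    for (size_t i = 0; i < n; i++) {
        if (r[i].base >= IO_PORTS || r[i].len > IO_PORTS - r[i].base) {
            memset(iomap, 0xff, sizeof(iomap));
            return -1;
        }
        for (uint32_t p = r[i].base; p < r[i].base + r[i].len; p++)
            iomap[p / 8] &= (uint8_t)~(1u << (p % 8));
    }
    return 0;
}

/* A width-byte access (1, 2 or 4) passes only if every port it touches
 * has its bit clear, so an access straddling a region edge is refused. */
int io_allowed(uint32_t port, uint32_t width)
{
    if (width == 0 || port >= IO_PORTS || width > IO_PORTS - port)
        return 0;
    for (uint32_t p = port; p < port + width; p++)
        if (iomap[p / 8] & (1u << (p % 8)))
            return 0;
    return 1;
}

/* Constructed sample allow-list: the VGA register block 0x3c0-0x3df. */
static const struct io_region sample[] = { { 0x3c0, 0x20 } };

int main(void)
{
    if (iomap_build(sample, 1) != 0) return 1;
    printf("0x3c0/1=%d 0x3de/4=%d 0x64/1=%d\n", io_allowed(0x3c0, 1),
           io_allowed(0x3de, 4), io_allowed(0x64, 1));
    return 0;
}
```

The IOPL mode has no per-port equivalent: raising IOPL opens every port and also permits cli and sti, which is why the message calls it less secure.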