Date: Wed, 23 May 2001 18:04:34 -0400 (EDT)
From: Doug Denault
To: freebsd-questions@FreeBSD.ORG
Subject: Re: /dev/io: Operation not permitted

Okay, I will answer my own question here. I was messing around with security
levels, which I _HAD_ set to 1. From man 8 init:

    1     Secure mode - the system immutable and system append-only flags
          may not be turned off; disks for mounted filesystems, /dev/mem,
          and /dev/kmem may not be opened for writing; kernel modules (see
          kld(4)) may not be loaded or unloaded.

You can add /dev/io to the list.

On Wed, 23 May 2001 doug@safeport.com wrote:

> I have a 4.3 system where root cannot write to /dev/io. I assume I have
> screwed something up but I am told the permissions:
>
> crw-------  1 root  wheel    2,  14 May  9 19:56 /dev/io
>
> are okay and indeed match my other systems. The man page io(4) would
> suggest this is hard to do:
>
> DESCRIPTION
>      The special file /dev/io is a controlled security hole that allows a
>      process to gain I/O privileges (which are normally reserved for
>      kernel-internal code). Any process that holds a file descriptor on
>      /dev/io open will get its IOPL bits in the flag register set, thus
>      allowing it to perform direct I/O operations. This can be useful in
>      order to write userland programs that handle some hardware directly.
>
>      The entire access control is handled by the file access permissions
>      of /dev/io, so care should be taken in granting rights for this
>      device. Note that even read/only access will grant the full I/O
>      privileges.
>
> However:
>
> Last login: Tue May 22 18:21:34 2001 from pemaquid.boltsys
> Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
>         The Regents of the University of California. All rights reserved.
> FreeBSD 4.3-RELEASE (GENERIC) #0: Sat Apr 21 10:54:49 GMT 2001
>
> Welcome to FreeBSD!
>
> mneme:~> su
> Password:
> mneme:/home/doug# echo "poo I say" > /dev/io
> /dev/io: Operation not permitted.
> __________________________________________
>
> The reason I care is XFree86 -configure fails with the same error. This
> system was installed from ftp.freebsd.org on 5/20.
>
> _____
> Douglas Denault
> doug@safeport.com
> Voice: 301-469-8766
> Fax: 301-469-0601
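
A triage helper for the situation in this thread, added here as an example and not part of the original messages: it decides whether an "Operation not permitted" on /dev/io is explained by kern.securelevel or by the file permissions. The function names and the `--live` switch are made up for this example; the securelevel is read with `sysctl -n kern.securelevel`.

```shell
#!/bin/sh
# Added example: triage "Operation not permitted" on /dev/io.

# classify_denial EUID SECURELEVEL MODE
#   EUID         effective uid of the caller
#   SECURELEVEL  value of kern.securelevel ("" if it could not be read)
#   MODE         mode column from `ls -l /dev/io`, e.g. crw-------
# Prints one of: securelevel | permissions | unknown
classify_denial() {
    euid=$1; level=$2; mode=$3
    # Accept only an integer, optionally negative (-1 is a valid level).
    case $level in
        ''|*[!0-9-]*|?*-*|-) level_known=0 ;;
        *) level_known=1 ;;
    esac
    # Securelevel is enforced by the kernel and binds root as well,
    # so it is checked before the file permissions.
    if [ "$level_known" -eq 1 ] && [ "$level" -ge 1 ]; then
        echo securelevel; return 0
    fi
    # Non-root caller on a character device with no group/other bits.
    if [ "$euid" -ne 0 ]; then
        case $mode in
            c???------*) echo permissions; return 0 ;;
        esac
    fi
    echo unknown
}

# live_check [DEVICE]: gather the three inputs from the running system.
live_check() {
    dev=${1:-/dev/io}
    level=$(sysctl -n kern.securelevel 2>/dev/null) || level=
    mode=$(ls -l "$dev" 2>/dev/null | awk '{print $1}')
    cause=$(classify_denial "$(id -u)" "$level" "$mode")
    echo "$dev: euid=$(id -u) securelevel=${level:-?} mode=${mode:-?} -> $cause"
}

# Only touch the live system when asked to: ./script --live [/dev/io]
if [ "${1:-}" = "--live" ]; then
    live_check "${2:-/dev/io}"
fi
```

With the values from the thread (root, securelevel 1, mode crw-------) the result is `securelevel`, which is why the permissions looked correct and the write still failed.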