Date:      Mon, 4 Jul 2005 11:15:51 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 79535 for review
Message-ID:  <200507041115.j64BFp5K003873@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=79535

Change 79535 by rwatson@rwatson_paprika on 2005/07/04 11:15:16

	On amd64, check access to /dev/io against CAP_SYS_RAWIO.
	
	On amd64, use CAP_SYS_RAWIO to control access to setting user space
	debugging registers on kernel addresses.  However, it strikes me
	that this should likely be entirely disallowed.

Affected files ...

.. //depot/projects/trustedbsd/sebsd/sys/amd64/amd64/io.c#2 edit
.. //depot/projects/trustedbsd/sebsd/sys/amd64/amd64/machdep.c#11 edit

Differences ...

==== //depot/projects/trustedbsd/sebsd/sys/amd64/amd64/io.c#2 (text+ko) ====

@@ -28,6 +28,7 @@
 __FBSDID("$FreeBSD: src/sys/amd64/amd64/io.c,v 1.1 2004/08/01 11:40:50 markm Exp $");
 
 #include <sys/param.h>
+#include <sys/capability.h>
 #include <sys/conf.h>
 #include <sys/fcntl.h>
 #include <sys/lock.h>
@@ -54,7 +55,7 @@
 {
 	int error;
 
-	error = suser(td);
+	error = cap_check(td, CAP_SYS_RAWIO);
 	if (error != 0)
 		return (error);
 	error = securelevel_gt(td->td_ucred, 0);
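
Review bot: In the /dev/io open path, the result of cap_check(td, CAP_SYS_RAWIO) is handed back to the caller unchanged through `return (error)`, so this relies on cap_check() returning an errno value on denial the way suser() returned EPERM; please confirm that, or map the result explicitly. A short comment at this call saying why CAP_SYS_RAWIO is the capability chosen for /dev/io would also help, since the securelevel_gt() check that follows stays in place as a second gate and readers will want to know both are intentional.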

==== //depot/projects/trustedbsd/sebsd/sys/amd64/amd64/machdep.c#11 (text+ko) ====

@@ -1726,9 +1726,12 @@
 		 * address space is written into from within the kernel
 		 * ... wouldn't that still cause a breakpoint to be generated
 		 * from within kernel mode?
+		 *
+		 * XXXRW: Should we allow privileged user processes to do
+		 * this at all?
 		 */
 
-		if (suser(td) != 0) {
+		if (cap_check(td, CAP_SYS_RAWIO) != 0) {
 			if (dbregs->dr[7] & 0x3) {
 				/* dr0 is enabled */
 				if (dbregs->dr[0] >= VM_MAXUSER_ADDRESS)
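
Review bot: The condition `if (cap_check(td, CAP_SYS_RAWIO) != 0)` means the `dbregs->dr[0] >= VM_MAXUSER_ADDRESS` check runs only for threads that lack the capability, so any holder of CAP_SYS_RAWIO can still point a debug register at a kernel address, which is exactly what the new XXXRW comment and the change description question. Consider making the address range checks unconditional in this change, or, if the exemption has to stay for now, state in the XXXRW comment which consumer needs it and note that CAP_SYS_RAWIO is being reused here for something other than raw I/O.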


