Date: Thu, 24 May 2001 16:55:06 +0930
From: Greg Lehey
To: Doug Denault
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: /dev/io: Operation not permitted

On Wednesday, 23 May 2001 at 18:04:34 -0400, Doug Denault wrote:
> On Wed, 23 May 2001 doug@safeport.com wrote:
>> I have a 4.3 system where root can not write to /dev/io. I assume I have screwed
>> something up but I am told the permissions:
>>
>> crw------- 1 root wheel 2, 14 May 9 19:56 /dev/io
>>
>> are okay and indeed matches my other systems. The man page io(4) would suggest
>> this is hard to do:
>>
>> DESCRIPTION
>>      The special file /dev/io is a controlled security hole that allows a pro-
>>      cess to gain I/O privileges (which are normally reserved for kernel-
>>      internal code).  Any process that holds a file descriptor on /dev/io open
>>      will get its IOPL bits in the flag register set, thus allowing it to per-
>>      form direct I/O operations.  This can be useful in order to write user-
>>      land programs that handle some hardware directly.
>>
>>      The entire access control is handled by the file access permissions of
>>      /dev/io, so care should be taken in granting rights for this device.
>>      Note that even read/only access will grant the full I/O privileges.
>>
>> However:
>>
>> Last login: Tue May 22 18:21:34 2001 from pemaquid.boltsys
>> Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
>> The Regents of the University of California. All rights reserved.
>> FreeBSD 4.3-RELEASE (GENERIC) #0: Sat Apr 21 10:54:49 GMT 2001
>>
>> Welcome to FreeBSD!
>>
>> mneme:~> su
>> Password:
>> mneme:/home/doug# echo "poo I say" > /dev/io
>> /dev/io: Operation not permitted.
>
> Okay I will answer my own question here. I was messing around with
> security levels which I _HAD_ set to 1. From man 8 init:
>
>     1  Secure mode - the system immutable and system append-only flags may
>        not be turned off; disks for mounted filesystems, /dev/mem, and
>        /dev/kmem may not be opened for writing; kernel modules (see
>        kld(4)) may not be loaded or unloaded.
>
> You can add /dev/io to the list.

This too is correct.  Does it work if you use securelevel 0?

Greg
--
When replying to this message, please copy the original recipients.
If you don't, I may ignore the reply.
For more information, see http://www.lemis.com/questions.html
Finger grog@lemis.com for PGP public key
See complete headers for address and phone numbers