Date: Sun, 31 Dec 1995 09:41:41 +0100 (MET) From: J Wunsch <j@uriah.heep.sax.de> To: freebsd-hackers@freebsd.org (FreeBSD hackers) Subject: Re: /dev/io Message-ID: <199512310841.JAA16189@uriah.heep.sax.de> In-Reply-To: <199512310425.PAA16666@rf900.physics.usyd.edu.au> from "David Dawes" at Dec 31, 95 03:25:46 pm
next in thread | previous in thread | raw e-mail | index | archive | help
As David Dawes wrote: > > >I wasn't even aware that this existed, but looking at the Xserver source > >it seems like BSDI, Linux, FreeBSD, and NetBSD all have it (but only > >Free/NetBSD use it for Xserver IO permission). I don't think that this would be more secure than our scheme anyway. So although it seems to be more `standard', there's nothing we would gain from another scenario. Given that it doesn't have any technical merit at all, i wonder why NetBSD even adopted it. Security considerations: Our KDENABIO is restricted to a process with effective UID 0. Our /dev/io is a security hole in that it allows group kmem processes to access the registers (and i haven't seen any reason why this might be necessary or useful). I think SysV allows any process to get access to IO registers via the IO perm bitmap. :-( (I don't know about Linux.) > The KDENABIO ioctl originates in SYSV, although in SYSV it is used > to enable ports set in an IO permission bitmap. Most X servers need > ports beyond the 0-0x3ff usually covered by such a bitmap. Also there > is a performance penalty in using the bitmap. In particular, it would require us to use CPU task switching. I believe FreeBSD's context switching behaviour has been fine-tuned to be better without separate task state segments per process. > I don't know what the XInside server does to enable I/O permission. I assume they also use the kbd driver. This interface has been established long before anything in the line of /dev/io or other calls, it even existed in the early pccons driver (though there used to be a central call for all actions required for the X server startup). -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199512310841.JAA16189>