Date: Thu, 24 May 2001 16:55:06 +0930 From: Greg Lehey <grog@lemis.com> To: Doug Denault <doug@safeport.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: /dev/io: Operation not permitted Message-ID: <20010524165506.I81537@wantadilla.lemis.com> In-Reply-To: <Pine.BSF.3.96.1010523175346.14934B-100000@fledge.watson.org>; from doug@safeport.com on Wed, May 23, 2001 at 06:04:34PM -0400 References: <Pine.BSF.4.21.0105231727170.6227-100000@pemaquid.safeport.com> <Pine.BSF.3.96.1010523175346.14934B-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday, 23 May 2001 at 18:04:34 -0400, Doug Denault wrote: > On Wed, 23 May 2001 doug@safeport.com wrote: >> I have a 4.3 system where root can not write to /dev/io. I assume I have screwed >> something up but I am told the permissions: >> >> crw------- 1 root wheel 2, 14 May 9 19:56 /dev/io >> >> are okay and indeed matches my other systems. The man page io(4) would suggest >> this is hard to do: >> >> DESCRIPTION >> The special file /dev/io is a controlled security hole that allows a pro- >> cess to gain I/O privileges (which are normally reserved for kernel- >> internal code). Any process that holds a file descriptor on /dev/io open >> will get its IOPL bits in the flag register set, thus allowing it to per- >> form direct I/O operations. This can be useful in order to write user- >> land programs that handle some hardware directly. >> >> The entire access control is handled by the file access permissions of >> /dev/io, so care should be taken in granting rights for this device. >> Note that even read/only access will grant the full I/O privileges. >> >> However: >> >> Last login: Tue May 22 18:21:34 2001 from pemaquid.boltsys >> Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 >> The Regents of the University of California. All rights reserved. >> FreeBSD 4.3-RELEASE (GENERIC) #0: Sat Apr 21 10:54:49 GMT 2001 >> >> Welcome to FreeBSD! >> >> mneme:~> su >> Password: >> mneme:/home/doug# echo "poo I say" > /dev/io >> /dev/io: Operation not permitted. > > Okay I will answer my own question here. I was messing around with > security levels which I _HAD_ set to 1. From man 8 init: > > 1 Secure mode - the system immutable and system append-only flags may > not be turned off; disks for mounted filesystems, /dev/mem, and > /dev/kmem may not be opened for writing; kernel modules (see > kld(4)) may not be loaded or unloaded. > > You can add /dev/io to the list. This too is correct. Does it work if you use securelevel 0? Greg -- When replying to this message, please copy the original recipients. If you don't, I may ignore the reply. For more information, see http://www.lemis.com/questions.html Finger grog@lemis.com for PGP public key See complete headers for address and phone numbers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010524165506.I81537>