Date: Wed, 23 May 2001 18:04:34 -0400 (EDT) From: Doug Denault <doug@safeport.com> To: freebsd-questions@FreeBSD.ORG Subject: Re: /dev/io: Operation not permitted Message-ID: <Pine.BSF.3.96.1010523175346.14934B-100000@fledge.watson.org> In-Reply-To: <Pine.BSF.4.21.0105231727170.6227-100000@pemaquid.safeport.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Okay I will answer my own question here. I was messing around with
security levels which I _HAD_ set to 1. From man 8 init:
1 Secure mode - the system immutable and system append-only flags may
not be turned off; disks for mounted filesystems, /dev/mem, and
/dev/kmem may not be opened for writing; kernel modules (see
kld(4)) may not be loaded or unloaded.
You can add /dev/io to the list.
On Wed, 23 May 2001 doug@safeport.com wrote:
> I have a 4.3 system where root can not write to /dev/io. I assume I have screwed
> something up but I am told the permissions:
>
> crw------- 1 root wheel 2, 14 May 9 19:56 /dev/io
>
> are okay and indeed matches my other systems. The man page io(4) would suggest
> this is hard to do:
>
> DESCRIPTION
> The special file /dev/io is a controlled security hole that allows a pro-
> cess to gain I/O privileges (which are normally reserved for kernel-
> internal code). Any process that holds a file descriptor on /dev/io open
> will get its IOPL bits in the flag register set, thus allowing it to per-
> form direct I/O operations. This can be useful in order to write user-
> land programs that handle some hardware directly.
>
> The entire access control is handled by the file access permissions of
> /dev/io, so care should be taken in granting rights for this device.
> Note that even read/only access will grant the full I/O privileges.
>
> However:
>
> Last login: Tue May 22 18:21:34 2001 from pemaquid.boltsys
> Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
> The Regents of the University of California. All rights reserved.
> FreeBSD 4.3-RELEASE (GENERIC) #0: Sat Apr 21 10:54:49 GMT 2001
>
> Welcome to FreeBSD!
>
> mneme:~> su
> Password:
> mneme:/home/doug# echo "poo I say" > /dev/io
> /dev/io: Operation not permitted.
> __________________________________________
>
> The reason I care is XFree86 -configure fail with the same error. This system
> was installed from ftp.freebsd.org on 5/20
>
>
> _____
> Douglas Denault
> doug@safeport.com
> Voice: 301-469-8766
> Fax: 301-469-0601
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.1010523175346.14934B-100000>