From owner-p4-projects@FreeBSD.ORG  Mon Jul  4 11:15:52 2005
Return-Path: <owner-p4-projects@FreeBSD.ORG>
X-Original-To: p4-projects@freebsd.org
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id DA4EC16A420; Mon,  4 Jul 2005 11:15:51 +0000 (GMT)
X-Original-To: perforce@freebsd.org
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id ADCC816A41C
	for <perforce@freebsd.org>; Mon,  4 Jul 2005 11:15:51 +0000 (GMT)
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 96E1843D48
	for <perforce@freebsd.org>; Mon,  4 Jul 2005 11:15:51 +0000 (GMT)
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j64BFpoi003886
	for <perforce@freebsd.org>; Mon, 4 Jul 2005 11:15:51 GMT
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j64BFp5K003873
	for perforce@freebsd.org; Mon, 4 Jul 2005 11:15:51 GMT
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Date: Mon, 4 Jul 2005 11:15:51 GMT
Message-Id: <200507041115.j64BFp5K003873@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	bb+lists.freebsd.perforce@cyrus.watson.org using -f
From: Robert Watson <rwatson@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Cc: 
Subject: PERFORCE change 79535 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Jul 2005 11:15:52 -0000

http://perforce.freebsd.org/chv.cgi?CH=79535

Change 79535 by rwatson@rwatson_paprika on 2005/07/04 11:15:16

	On amd64, check access to /dev/io against CAP_SYS_RAWIO.
	
	On amd64, use CAP_SYS_RAWIO to control access to setting user space
	debugging registers on kernel addresses.  However, it strikes me
	that this should likely be entirely disallowed.

Affected files ...

.. //depot/projects/trustedbsd/sebsd/sys/amd64/amd64/io.c#2 edit
.. //depot/projects/trustedbsd/sebsd/sys/amd64/amd64/machdep.c#11 edit

Differences ...

==== //depot/projects/trustedbsd/sebsd/sys/amd64/amd64/io.c#2 (text+ko) ====

@@ -28,6 +28,7 @@
 __FBSDID("$FreeBSD: src/sys/amd64/amd64/io.c,v 1.1 2004/08/01 11:40:50 markm Exp $");
 
 #include <sys/param.h>
+#include <sys/capability.h>
 #include <sys/conf.h>
 #include <sys/fcntl.h>
 #include <sys/lock.h>
@@ -54,7 +55,7 @@
 {
 	int error;
 
-	error = suser(td);
+	error = cap_check(td, CAP_SYS_RAWIO);
 	if (error != 0)
 		return (error);
 	error = securelevel_gt(td->td_ucred, 0);

==== //depot/projects/trustedbsd/sebsd/sys/amd64/amd64/machdep.c#11 (text+ko) ====

@@ -1726,9 +1726,12 @@
 		 * address space is written into from within the kernel
 		 * ... wouldn't that still cause a breakpoint to be generated
 		 * from within kernel mode?
+		 *
+		 * XXXRW: Should we allow privileged user processes to do
+		 * this at all?
 		 */
 
-		if (suser(td) != 0) {
+		if (cap_check(td, CAP_SYS_RAWIO) != 0) {
 			if (dbregs->dr[7] & 0x3) {
 				/* dr0 is enabled */
 				if (dbregs->dr[0] >= VM_MAXUSER_ADDRESS)