Date:      Mon, 4 Jul 2005 12:52:58 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 79546 for review
Message-ID:  <200507041252.j64CqwVV081703@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=79546

Change 79546 by rwatson@rwatson_paprika on 2005/07/04 12:52:26

	Authorize various new/old suser() checks relating to hardware
	configuration, such as uploading firmware, as CAP_SYS_RAWIO.

Affected files ...

.. //depot/projects/trustedbsd/sebsd/sys/dev/drm/drmP.h#10 edit
.. //depot/projects/trustedbsd/sebsd/sys/dev/fdc/fdc.c#3 edit
.. //depot/projects/trustedbsd/sebsd/sys/dev/ipw/if_ipw.c#2 edit
.. //depot/projects/trustedbsd/sebsd/sys/dev/iwi/if_iwi.c#2 edit
.. //depot/projects/trustedbsd/sebsd/sys/i386/i386/io.c#2 edit

Differences ...

==== //depot/projects/trustedbsd/sebsd/sys/dev/drm/drmP.h#10 (text+ko) ====

@@ -223,7 +223,7 @@
 				int flags, DRM_STRUCTPROC *p, DRMFILE filp
 
 #define PAGE_ALIGN(addr) round_page(addr)
-#define DRM_SUSER(p)		suser(p)
+#define DRM_SUSER(p)		cap_check(p, CAP_SYS_RAWIO)
 #define DRM_AGP_FIND_DEVICE()	agp_find_device()
 #define DRM_MTRR_WC		MDF_WRITECOMBINE
 #define jiffies			ticks
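Review bot: `DRM_SUSER(p)` now expands to `cap_check(p, CAP_SYS_RAWIO)`, but this hunk adds no `#include <sys/capability.h>` to drmP.h, unlike the fdc.c and io.c sections of the same change. Every file that expands the macro needs that declaration in scope, so if drmP.h does not already pull it in outside the visible lines, add `#include <sys/capability.h>` next to its other system includes. The same applies to the if_ipw.c and if_iwi.c sections, which switch to `cap_check()` without a visible include hunk.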

==== //depot/projects/trustedbsd/sebsd/sys/dev/fdc/fdc.c#3 (text+ko) ====

@@ -58,6 +58,7 @@
 #include <sys/param.h>
 #include <sys/bio.h>
 #include <sys/bus.h>
+#include <sys/capability.h>
 #include <sys/devicestat.h>
 #include <sys/disk.h>
 #include <sys/fcntl.h>
@@ -1473,7 +1474,7 @@
 		return (0);
 
 	case FD_CLRERR:
-		if (suser(td) != 0)
+		if (cap_check(td, CAP_SYS_RAWIO) != 0)
 			return (EPERM);
 		fd->fdc->fdc_errs = 0;
 		return (0);
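Review bot: The FD_CLRERR case discards whatever `cap_check()` returns and hard-codes `EPERM`, whereas the io.c section of this change passes the returned value back to the caller. If the capability layer can return any other errno (its body is not visible here), this ioctl will mask it and denials will be harder to trace in audit logs. Either return the value from `cap_check()` directly, or add a comment such as `/* errno fixed at EPERM to preserve the pre-capability ioctl contract */` so the difference is clearly intentional. The enclosing ioctl switch starts and ends outside the hunk.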

==== //depot/projects/trustedbsd/sebsd/sys/dev/ipw/if_ipw.c#2 (text+ko) ====

@@ -1544,7 +1544,7 @@
 
 	case SIOCSLOADFW:
 		/* only super-user can do that! */
-		if ((error = suser(curthread)) != 0)
+		if ((error = cap_check(curthread, CAP_SYS_RAWIO)) != 0)
 			break;
 
 		ifr = (struct ifreq *)data;
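Review bot: The comment `/* only super-user can do that! */` above the SIOCSLOADFW check is stale once the check becomes `cap_check(curthread, CAP_SYS_RAWIO)`, because the gate is now a capability rather than uid 0. Reword it to `/* requires CAP_SYS_RAWIO: loads device firmware */` so a later auditor does not assume a root-only path when reasoning about who can reach the firmware upload. The same comment sits above SIOCSKILLFW in this file and above both cases in if_iwi.c.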
@@ -1553,7 +1553,7 @@
 
 	case SIOCSKILLFW:
 		/* only super-user can do that! */
-		if ((error = suser(curthread)) != 0)
+		if ((error = cap_check(curthread, CAP_SYS_RAWIO)) != 0)
 			break;
 
 		ifp->if_flags &= ~IFF_UP;

==== //depot/projects/trustedbsd/sebsd/sys/dev/iwi/if_iwi.c#2 (text+ko) ====

@@ -1550,7 +1550,7 @@
 
 	case SIOCSLOADFW:
 		/* only super-user can do that! */
-		if ((error = suser(curthread)) != 0)
+		if ((error = cap_check(curthread, CAP_SYS_RAWIO)) != 0)
 			break;
 
 		ifr = (struct ifreq *)data;
@@ -1559,7 +1559,7 @@
 
 	case SIOCSKILLFW:
 		/* only super-user can do that! */
-		if ((error = suser(curthread)) != 0)
+		if ((error = cap_check(curthread, CAP_SYS_RAWIO)) != 0)
 			break;
 
 		ifp->if_flags &= ~IFF_UP;

==== //depot/projects/trustedbsd/sebsd/sys/i386/i386/io.c#2 (text+ko) ====

@@ -28,6 +28,7 @@
 __FBSDID("$FreeBSD: src/sys/i386/i386/io.c,v 1.1 2004/08/01 11:40:52 markm Exp $");
 
 #include <sys/param.h>
+#include <sys/capability.h>
 #include <sys/conf.h>
 #include <sys/fcntl.h>
 #include <sys/lock.h>
@@ -54,7 +55,7 @@
 {
 	int error;
 
-	error = suser(td);
+	error = cap_check(td, CAP_SYS_RAWIO);
 	if (error != 0)
 		return (error);
 	error = securelevel_gt(td->td_ucred, 0);
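Review bot: In stock FreeBSD of this era `suser(td)` also refuses jailed threads, and nothing in this hunk shows that `cap_check(td, CAP_SYS_RAWIO)` keeps that refusal. This function appears to gate raw I/O access (the signature is outside the hunk), so a capability check that ignores jail status would widen who can pass it. Confirm that `cap_check()` denies jailed credentials; if it does not, add `if (jailed(td->td_ucred)) return (EPERM);` before the capability check. The same question applies to the other call sites converted by this change.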


