From owner-freebsd-commit Sat Oct 14 01:03:27 1995
Return-Path: owner-commit
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id BAA28735 for freebsd-commit-outgoing; Sat, 14 Oct 1995 01:03:27 -0700
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id BAA28721 for cvs-all-outgoing; Sat, 14 Oct 1995 01:03:23 -0700
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id BAA28704 for cvs-sys-outgoing; Sat, 14 Oct 1995 01:03:19 -0700
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id BAA28689 ; Sat, 14 Oct 1995 01:03:01 -0700
Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id SAA06283; Sat, 14 Oct 1995 18:00:57 +1000
Date: Sat, 14 Oct 1995 18:00:57 +1000
From: Bruce Evans
Message-Id: <199510140800.SAA06283@godzilla.zeta.org.au>
To: CVS-commiters@freefall.freebsd.org, bde@freefall.freebsd.org, cvs-sys@freefall.freebsd.org
Subject: Re: cvs commit: src/sys/i386/isa spigot.c
Sender: owner-commit@FreeBSD.org
Precedence: bulk

> Modified: sys/i386/isa spigot.c
> Log:
> Don't allow i/o operations for non-root users.

This change should probably be in 2.1. I'm not sure what the spigot driver and the encumbered libraries for it do, but they shouldn't be allowed to de-secure the rest of the system.

/dev/spigot is created with owner root.wheel and permissions 444. This was previously a security hole. Now it is probably just bogus since probably only root will be able to use the device. Perhaps the correct fix was to change /dev/spigot to owner root.kmem permissions 440. Then it would be as (in)secure as /dev/io.

Granting i/o permission is more dangerous than granting read-only permission for /dev/kmem, so there should be a separate group and stronger enforcement of kern.securelevel for it. /dev/mem should probably be in the same group, since reading device registers may cause output.

Bruce