Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 25 Nov 2018 00:34:00 +0000 (UTC)
From:      Ed Maste <emaste@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r340916 - stable/11/sys/dev/proto
Message-ID:  <201811250034.wAP0Y0ea048261@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: emaste
Date: Sun Nov 25 00:34:00 2018
New Revision: 340916
URL: https://svnweb.freebsd.org/changeset/base/340916

Log:
  MFC r340771: proto: change device permissions to 0600
  
  C Turt reports that the driver is not thread safe and may have
  exploitable races.
  
  Note that the proto device is intended for prototyping and development,
  and is not for use on production systems.  From the man page:
  
  SECURITY CONSIDERATIONS
       Because programs have direct access to the hardware, the proto
       driver is inherently insecure.  It is not advisable to use this
       driver on a production machine.
  
  The proto device is not included in any of FreeBSD's kernel config files
  (although the module is built).
  
  The issues in the proto device still need to be fixed, and the device is
  inherently (and intentionally) insecure, but it might as well be limited
  to root only.
  
  admbugs:	782
  Reported by:	C Turt <ecturt@gmail.com>
  Sponsored by:	The FreeBSD Foundation

Modified:
  stable/11/sys/dev/proto/proto_core.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/dev/proto/proto_core.c
==============================================================================
--- stable/11/sys/dev/proto/proto_core.c	Sun Nov 25 00:32:23 2018	(r340915)
+++ stable/11/sys/dev/proto/proto_core.c	Sun Nov 25 00:34:00 2018	(r340916)
@@ -196,7 +196,7 @@ proto_attach(device_t dev)
 		case SYS_RES_MEMORY:
 		case SYS_RES_IOPORT:
 			r->r_size = rman_get_size(r->r_d.res);
-			r->r_u.cdev = make_dev(&proto_devsw, res, 0, 0, 0666,
+			r->r_u.cdev = make_dev(&proto_devsw, res, 0, 0, 0600,
 			    "proto/%s/%02x.%s", device_get_desc(dev), r->r_rid,
 			    (r->r_type == SYS_RES_IOPORT) ? "io" : "mem");
 			r->r_u.cdev->si_drv1 = sc;
@@ -204,7 +204,7 @@ proto_attach(device_t dev)
 			break;
 		case PROTO_RES_PCICFG:
 			r->r_size = 4096;
-			r->r_u.cdev = make_dev(&proto_devsw, res, 0, 0, 0666,
+			r->r_u.cdev = make_dev(&proto_devsw, res, 0, 0, 0600,
 			    "proto/%s/pcicfg", device_get_desc(dev));
 			r->r_u.cdev->si_drv1 = sc;
 			r->r_u.cdev->si_drv2 = r;
@@ -212,7 +212,7 @@ proto_attach(device_t dev)
 		case PROTO_RES_BUSDMA:
 			r->r_d.busdma = proto_busdma_attach(sc);
 			r->r_size = 0;	/* no read(2) nor write(2) */
-			r->r_u.cdev = make_dev(&proto_devsw, res, 0, 0, 0666,
+			r->r_u.cdev = make_dev(&proto_devsw, res, 0, 0, 0600,
 			    "proto/%s/busdma", device_get_desc(dev));
 			r->r_u.cdev->si_drv1 = sc;
 			r->r_u.cdev->si_drv2 = r;



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201811250034.wAP0Y0ea048261>