From owner-freebsd-hackers Thu Oct 23 15:08:06 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id PAA01420 for hackers-outgoing; Thu, 23 Oct 1997 15:08:06 -0700 (PDT) (envelope-from owner-freebsd-hackers)
Received: from trojanhorse.ml.org (mdean.vip.best.com [206.86.94.101]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id PAA01411 for ; Thu, 23 Oct 1997 15:08:02 -0700 (PDT) (envelope-from jamil@trojanhorse.ml.org)
Received: from localhost (jamil@localhost) by trojanhorse.ml.org (8.8.7/8.8.5) with SMTP id PAA03543; Thu, 23 Oct 1997 15:06:23 -0700 (PDT)
Date: Thu, 23 Oct 1997 15:06:23 -0700 (PDT)
From: "Jamil J. Weatherbee"
To: Terry Lambert
cc: thorpej@nas.nasa.gov, joerg_wunsch@uriah.heep.sax.de, freebsd-hackers@FreeBSD.ORG
Subject: Re: Possible SERIOUS bug in open()? (Big time bug)
In-Reply-To: <199710232128.OAA06900@usr05.primenet.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Thu, 23 Oct 1997, Terry Lambert wrote:

> > Yep, tried reading an ioport on my service provider's freebsd machine,
> > works fine. /dev/io is probably not the first and probably won't be the
> > last driver with this problem, in other words force to F_READ or F_WRITE.
> > That is precisely what I did in my dio driver because I depend on F_WRITE
> > and/or F_READ to be set to tell me about what the user wants.
>
> I agree; this is a driver issue; the driver should enforce permissions
> when the user attempts the outb.

No, the user open() should return error for somebody trying to open for not read and not write. /dev/io gives the process IOPL on the basis that it is able to open /dev/io, not do operations on it. I think it is perfectly reasonable for the driver to expect its open method called only if the user has permissions on the file.

When you start putting the responsibility on the driver for maintaining the security of the system and not the kernel then you're just asking for trouble. Much like most drivers do not check to see if the device being passed is valid once it is opened because it should always be valid (under most circumstances).

>
>
> Terry Lambert
> terry@lambert.org
> ---
> Any opinions in this posting are my own and not those of my present
> or previous employers.
>
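
The disagreement in this message, modelled in C as an added example (not code from the thread or from FreeBSD): an open path that only checks the access bits the caller requested passes vacuously when none are requested, so a driver that grants privilege at open time is reached anyway, while a path that rejects "neither read nor write" up front never calls the driver. All names here (`M_READ`, `M_WRITE`, `struct node`, `struct proc`, `open_unchecked`, `open_checked`, `io_driver_open`) are assumptions of this sketch.

```c
#include <errno.h>
#include <stdio.h>

/* Model access bits (names are assumptions for this sketch). */
#define M_READ  0x1
#define M_WRITE 0x2

struct node { int owner_uid; int owner_may; int other_may; }; /* allowed M_* bits */
struct proc { int uid; int io_privilege; };

/* Per-bit permission check: every requested bit must be allowed. */
static int access_ok(const struct node *n, const struct proc *p, int want)
{
    int allowed = (p->uid == n->owner_uid) ? n->owner_may : n->other_may;
    if ((want & M_READ) && !(allowed & M_READ))   return 0;
    if ((want & M_WRITE) && !(allowed & M_WRITE)) return 0;
    return 1;   /* vacuously true when want == 0 */
}

/* Driver open in the style described for /dev/io: privilege is granted
 * because open was reached, not per operation. */
static int io_driver_open(struct proc *p) { p->io_privilege = 1; return 0; }

/* Open path that only checks the bits the caller asked for. */
int open_unchecked(const struct node *n, struct proc *p, int want)
{
    if (!access_ok(n, p, want)) return EACCES;
    return io_driver_open(p);
}

/* Open path that rejects "neither read nor write" before the driver runs. */
int open_checked(const struct node *n, struct proc *p, int want)
{
    if ((want & (M_READ | M_WRITE)) == 0) return EINVAL;
    if (!access_ok(n, p, want)) return EACCES;
    return io_driver_open(p);
}

int main(void)
{
    struct node io = { 0, M_READ | M_WRITE, 0 };  /* constructed: owner-only node */
    struct proc user = { 1001, 0 };               /* constructed: non-owner */
    printf("unchecked, no mode: %d\n", open_unchecked(&io, &user, 0));
    user.io_privilege = 0;
    printf("checked, no mode:   %d\n", open_checked(&io, &user, 0));
    return 0;
}
```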