From owner-freebsd-stable Thu Aug 30 4:35:53 2001 Delivered-To: freebsd-stable@freebsd.org Received: from salmon.maths.tcd.ie (salmon.maths.tcd.ie [134.226.81.11]) by hub.freebsd.org (Postfix) with SMTP id BDD0337B40A for ; Thu, 30 Aug 2001 04:35:35 -0700 (PDT) (envelope-from dwmalone@maths.tcd.ie) Received: from walton.maths.tcd.ie by salmon.maths.tcd.ie with SMTP id ; 30 Aug 2001 12:35:35 +0100 (BST) Date: Thu, 30 Aug 2001 12:35:33 +0100 From: David Malone To: Pascal Pederiva , Kazutaka YOKOTA , freebsd-stable@FreeBSD.ORG Subject: Re: Disabling harmful keys (was: Re: PATCH: syscons.c sysctl for PC-Reboot Keys) Message-ID: <20010830123533.A62237@walton.maths.tcd.ie> References: <200108101231.VAA17040@zodiac.mech.utsunomiya-u.ac.jp> <20010826004958.A81897@paped.com> <20010828215255.A69585@walton.maths.tcd.ie> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010828215255.A69585@walton.maths.tcd.ie>; from dwmalone@maths.tcd.ie on Tue, Aug 28, 2001 at 09:52:55PM +0100 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I have a working version of the keymap protection sysctl stuff now. I actually ended up with more levels than I initially thought I would: >= 1: Only root can change restricted keys (like boot, panic, ...) >= 2: Only root can change restricted keys and regular keys. Regular users still can change accents and function keys. >= 3: Only root can change restricted keys, regular keys and accents. >= 4: Only root can change any of the keymap. There are two small problems. First is that the sysctl is called kern.keymap_protection - this should probably be somthing different. Second, the kbd driver clears the keyboard's accent map if you load a new keymap, which makes the distinction between level 3 and level 4 less useful. David. Index: kbd.c =================================================================== RCS file: /cvs/FreeBSD-CVS/src/sys/dev/kbd/kbd.c,v retrieving revision 1.26 diff -u -r1.26 kbd.c --- kbd.c 20 Jul 2001 13:05:56 -0000 1.26 +++ kbd.c 30 Aug 2001 10:37:17 -0000 @@ -35,6 +35,8 @@ #include #include #include +#include +#include #include #include @@ -766,6 +768,11 @@ * functions. */ +static int key_change_ok(struct keyent_t *, struct keyent_t *, struct proc *); +static int keymap_change_ok(keymap_t *, keymap_t *, struct proc *); +static int accent_change_ok(accentmap_t *, accentmap_t *, struct proc *); +static int fkey_change_ok(fkeytab_t *, fkeyarg_t *, struct proc *); + int genkbd_commonioctl(keyboard_t *kbd, u_long cmd, caddr_t arg) { @@ -773,6 +780,7 @@ fkeyarg_t *fkeyp; int s; int i; + int error; s = spltty(); switch (cmd) { @@ -802,6 +810,12 @@ break; case PIO_KEYMAP: /* set keyboard translation table */ #ifndef KBD_DISABLE_KEYMAP_LOAD + error = keymap_change_ok(kbd->kb_keymap, (keymap_t* )arg, + curproc); + if (error != 0) { + splx(s); + return error; + } bzero(kbd->kb_accentmap, sizeof(*kbd->kb_accentmap)); bcopy(arg, kbd->kb_keymap, sizeof(*kbd->kb_keymap)); break; @@ -828,6 +842,12 @@ splx(s); return EINVAL; } + error = key_change_ok(&kbd->kb_keymap->key[keyp->keynum], + &keyp->key, curproc); + if (error != 0) { + splx(s); + return error; + } bcopy(&keyp->key, &kbd->kb_keymap->key[keyp->keynum], sizeof(keyp->key)); break; @@ -841,6 +861,12 @@ break; case PIO_DEADKEYMAP: /* set accent key translation table */ #ifndef KBD_DISABLE_KEYMAP_LOAD + error = accent_change_ok(kbd->kb_accentmap, + (accentmap_t *)arg, curproc); + if (error != 0) { + splx(s); + return error; + } bcopy(arg, kbd->kb_accentmap, sizeof(*kbd->kb_accentmap)); break; #else @@ -865,6 +891,12 @@ splx(s); return EINVAL; } + error = fkey_change_ok(&kbd->kb_fkeytab[fkeyp->keynum], + fkeyp, curproc); + if (error != 0) { + splx(s); + return error; + } kbd->kb_fkeytab[fkeyp->keynum].len = imin(fkeyp->flen, MAXFK); bcopy(fkeyp->keydef, kbd->kb_fkeytab[fkeyp->keynum].str, kbd->kb_fkeytab[fkeyp->keynum].len); @@ -880,6 +912,109 @@ } splx(s); + return 0; +} + +static int keymap_protection; +SYSCTL_INT(_kern, OID_AUTO, keymap_protection, CTLFLAG_RW, &keymap_protection, 0, ""); + +#define RESTRICTED_KEY(key, i) \ + ((key->spcl & (0x80 >> i)) && \ + (key->map[i] == RBT || key->map[i] == SUSP || \ + key->map[i] == STBY || key->map[i] == DBG || \ + key->map[i] == PNC || key->map[i] == HALT || \ + key->map[i] == PDWN)) + +static int +key_change_ok(struct keyent_t *oldkey, struct keyent_t *newkey, struct proc *p) +{ + int i; + + /* Low keymap_protection means any changes are OK. */ + if (keymap_protection <= 0) + return 0; + + /* High keymap_protection means only root can change the keymap. */ + if (keymap_protection >= 2) { + for (i = 0; i < NUM_STATES; i++) + if (oldkey->map[i] != newkey->map[i]) + return suser(p); + if (oldkey->spcl != newkey->spcl) + return suser(p); + if (oldkey->flgs != newkey->flgs) + return suser(p); + return 0; + } + + /* Otherwise we have to see if any special keys are being changed. */ + for (i = 0; i < NUM_STATES; i++) { + /* + * If either the oldkey or the newkey action is restricted + * then we must make sure that the action doesn't change. + */ + if (!RESTRICTED_KEY(oldkey, i) && !RESTRICTED_KEY(newkey, i)) + continue; + if ((oldkey->spcl & (0x80 >> i)) == (newkey->spcl & (0x80 >> i)) + && oldkey->map[i] == newkey->map[i]) + continue; + return suser(p); + } + + return 0; +} + +static int +keymap_change_ok(keymap_t *oldmap, keymap_t *newmap, struct proc *p) +{ + int keycode, error; + + for (keycode = 0; keycode < NUM_KEYS; keycode++) { + if ((error = key_change_ok(&oldmap->key[keycode], + &newmap->key[keycode], p)) != 0) + return error; + } + return 0; +} + +static int +accent_change_ok(accentmap_t *oldmap, accentmap_t *newmap, struct proc *p) +{ + struct acc_t *oldacc, *newacc; + int accent, i; + + if (keymap_protection <= 2) + return 0; + + if (oldmap->n_accs != newmap->n_accs) + return suser(p); + + for (accent = 0; accent < oldmap->n_accs; accent++) { + oldacc = &oldmap->acc[accent]; + newacc = &newmap->acc[accent]; + if (oldacc->accchar != newacc->accchar) + return suser(p); + for (i = 0; i < NUM_ACCENTCHARS; ++i) { + if (oldacc->map[i][0] != newacc->map[i][0]) + return suser(p); + if (oldacc->map[i][0] == 0) /* end of table */ + break; + if (oldacc->map[i][1] != newacc->map[i][1]) + return suser(p); + } + } + + return 0; +} + +static int fkey_change_ok(fkeytab_t *oldkey, fkeyarg_t *newkey, struct proc *p) +{ + if (keymap_protection <= 3) + return 0; + + if (oldkey->len != newkey->flen || + bcmp(oldkey->str, newkey->keydef, oldkey->len != 0)) + return suser(p); + return 0; } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message