Date: Mon, 17 Jul 2000 13:45:29 -0600 From: Warner Losh <imp@village.org> To: Hajimu UMEMOTO <ume@mahoroba.org> Cc: nsayer@freebsd.org, nsayer@sftw.com, freebsd-hackers@freebsd.org Subject: Re: sysctl interface for apm? Message-ID: <200007171945.NAA63703@harmony.village.org> In-Reply-To: Your message of "Tue, 18 Jul 2000 04:41:21 %2B0900." <20000718.044121.71098397.ume@mahoroba.org> References: <20000718.044121.71098397.ume@mahoroba.org> <200007171753.LAA62543@harmony.village.org> <39734D36.5FC7DDA@sftw.com> <200007171914.NAA63275@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20000718.044121.71098397.ume@mahoroba.org> Hajimu UMEMOTO writes: : Indeed, I wish to have a method to obtain required information without : extra privilege. We need safety way. : Currentry, GKrellM opens /dev/apm with O_RDWR. I just tried to open : with O_RDONLY and see it is sufficient for APMIO_GETINFO. I'll send : the change to the author of GKrellM. It is sufficient for APMIO_GETINFO, but it will introduce a security hole as the apm ioctls aren't careful enough about their sanity checking. I've added such sanity checking in my local copy of apm and will test it tonight when I have access to my laptop. The holes are introduced by the chmod 664 /dev/apm, not by doing the open rdonly :-). If you'll send me a pointer to gkrellm, I'll see about putting it up on my laptop and making sure that my stuff works with it. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200007171945.NAA63703>