From guido@gvr.win.tue.nl Sat Aug 7 06:58:04 1993
I posted some patches on the 386bsd_patchkit list to prohibit io access. Because of a noninitialised filed in the tss, this was possible. It is included below as the patch to machdep.c However, when you do this *necessary* fix (security), it will be impossible form within user space to do io. therefor, I included another fix: when you open /dev/io, you get the access. Of course you can rewrite it to use another minor and thus giving access to the iospace when /dev/mem is opened, e.g. NOTE: The /dev/io entry has not been added to /dev/MAKEDEV yet. The patch is in NetBSD.
This commit is contained in:
@@ -49,7 +49,7 @@
|
|||||||
* 20 Apr 93 Bruce Evans New npx-0.5 code
|
* 20 Apr 93 Bruce Evans New npx-0.5 code
|
||||||
* 25 Apr 93 Bruce Evans New intr-0.1 code
|
* 25 Apr 93 Bruce Evans New intr-0.1 code
|
||||||
*/
|
*/
|
||||||
static char rcsid[] = "$Header: /a/cvs/386BSD/src/sys/i386/i386/machdep.c,v 1.4 1993/07/16 23:55:07 davidg Exp $";
|
static char rcsid[] = "$Header: /freefall/a/cvs/386BSD/src/sys/i386/i386/machdep.c,v 1.5 1993/07/27 10:52:17 davidg Exp $";
|
||||||
|
|
||||||
|
|
||||||
#include <stddef.h>
|
#include <stddef.h>
|
||||||
@@ -1008,6 +1008,10 @@ init386(first)
|
|||||||
proc0.p_addr->u_pcb.pcb_tss.tss_esp0 = (int) kstack + UPAGES*NBPG;
|
proc0.p_addr->u_pcb.pcb_tss.tss_esp0 = (int) kstack + UPAGES*NBPG;
|
||||||
proc0.p_addr->u_pcb.pcb_tss.tss_ss0 = GSEL(GDATA_SEL, SEL_KPL) ;
|
proc0.p_addr->u_pcb.pcb_tss.tss_ss0 = GSEL(GDATA_SEL, SEL_KPL) ;
|
||||||
_gsel_tss = GSEL(GPROC0_SEL, SEL_KPL);
|
_gsel_tss = GSEL(GPROC0_SEL, SEL_KPL);
|
||||||
|
|
||||||
|
((struct i386tss *)gdt_segs[GPROC0_SEL].ssd_base)->tss_ioopt =
|
||||||
|
(sizeof(tss))<<16;
|
||||||
|
|
||||||
ltr(_gsel_tss);
|
ltr(_gsel_tss);
|
||||||
|
|
||||||
/* make a call gate to reenter kernel with */
|
/* make a call gate to reenter kernel with */
|
||||||
|
|||||||
@@ -50,8 +50,10 @@
|
|||||||
#include "systm.h"
|
#include "systm.h"
|
||||||
#include "uio.h"
|
#include "uio.h"
|
||||||
#include "malloc.h"
|
#include "malloc.h"
|
||||||
|
#include "proc.h"
|
||||||
|
|
||||||
#include "machine/cpu.h"
|
#include "machine/cpu.h"
|
||||||
|
#include "machine/psl.h"
|
||||||
|
|
||||||
#include "vm/vm_param.h"
|
#include "vm/vm_param.h"
|
||||||
#include "vm/lock.h"
|
#include "vm/lock.h"
|
||||||
@@ -61,6 +63,42 @@
|
|||||||
|
|
||||||
extern char *vmmap; /* poor name! */
|
extern char *vmmap; /* poor name! */
|
||||||
/*ARGSUSED*/
|
/*ARGSUSED*/
|
||||||
|
mmclose(dev, uio, flags)
|
||||||
|
dev_t dev;
|
||||||
|
struct uio *uio;
|
||||||
|
int flags;
|
||||||
|
{
|
||||||
|
struct syscframe *fp;
|
||||||
|
|
||||||
|
switch (minor(dev)) {
|
||||||
|
case 14:
|
||||||
|
fp = (struct syscframe *)curproc->p_regs;
|
||||||
|
fp->sf_eflags &= ~PSL_IOPL;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
/*ARGSUSED*/
|
||||||
|
mmopen(dev, uio, flags)
|
||||||
|
dev_t dev;
|
||||||
|
struct uio *uio;
|
||||||
|
int flags;
|
||||||
|
{
|
||||||
|
struct syscframe *fp;
|
||||||
|
|
||||||
|
switch (minor(dev)) {
|
||||||
|
case 14:
|
||||||
|
fp = (struct syscframe *)curproc->p_regs;
|
||||||
|
fp->sf_eflags |= PSL_IOPL;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
/*ARGSUSED*/
|
||||||
mmrw(dev, uio, flags)
|
mmrw(dev, uio, flags)
|
||||||
dev_t dev;
|
dev_t dev;
|
||||||
struct uio *uio;
|
struct uio *uio;
|
||||||
|
|||||||
@@ -56,7 +56,7 @@
|
|||||||
* 28 Jul 93 Jordan K. Hubbard Free codrv's slot again
|
* 28 Jul 93 Jordan K. Hubbard Free codrv's slot again
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
static char rcsid[] = "$Header: /a/cvs/386BSD/src/sys/i386/i386/conf.c,v 1.1.1.1 1993/06/12 14:58:07 rgrimes Exp $";
|
static char rcsid[] = "$Header: /freefall/a/cvs/386BSD/src/sys/i386/i386/conf.c,v 1.2 1993/07/30 00:57:06 jkh Exp $";
|
||||||
|
|
||||||
#include "param.h"
|
#include "param.h"
|
||||||
#include "systm.h"
|
#include "systm.h"
|
||||||
@@ -213,7 +213,7 @@ extern struct tty pccons;
|
|||||||
|
|
||||||
int cttyopen(), cttyread(), cttywrite(), cttyioctl(), cttyselect();
|
int cttyopen(), cttyread(), cttywrite(), cttyioctl(), cttyselect();
|
||||||
|
|
||||||
int mmrw();
|
int mmopen(), mmclose(), mmrw();
|
||||||
#define mmselect seltrue
|
#define mmselect seltrue
|
||||||
|
|
||||||
#include "pty.h"
|
#include "pty.h"
|
||||||
@@ -359,9 +359,9 @@ struct cdevsw cdevsw[] =
|
|||||||
{ cttyopen, nullop, cttyread, cttywrite, /*1*/
|
{ cttyopen, nullop, cttyread, cttywrite, /*1*/
|
||||||
cttyioctl, nullop, nullop, NULL, /* tty */
|
cttyioctl, nullop, nullop, NULL, /* tty */
|
||||||
cttyselect, enodev, NULL },
|
cttyselect, enodev, NULL },
|
||||||
{ nullop, nullop, mmrw, mmrw, /*2*/
|
{ mmopen, mmclose, mmrw, mmrw, /*2*/
|
||||||
enodev, nullop, nullop, NULL, /* memory */
|
enodev, nullop, nullop, NULL, /* memory */
|
||||||
mmselect, enodev, NULL },
|
mmselect, enodev, NULL },
|
||||||
{ wdopen, wdclose, rawread, rawwrite, /*3*/
|
{ wdopen, wdclose, rawread, rawwrite, /*3*/
|
||||||
wdioctl, enodev, nullop, NULL, /* wd */
|
wdioctl, enodev, nullop, NULL, /* wd */
|
||||||
seltrue, enodev, wdstrategy },
|
seltrue, enodev, wdstrategy },
|
||||||
|
|||||||
@@ -49,7 +49,7 @@
|
|||||||
* 20 Apr 93 Bruce Evans New npx-0.5 code
|
* 20 Apr 93 Bruce Evans New npx-0.5 code
|
||||||
* 25 Apr 93 Bruce Evans New intr-0.1 code
|
* 25 Apr 93 Bruce Evans New intr-0.1 code
|
||||||
*/
|
*/
|
||||||
static char rcsid[] = "$Header: /a/cvs/386BSD/src/sys/i386/i386/machdep.c,v 1.4 1993/07/16 23:55:07 davidg Exp $";
|
static char rcsid[] = "$Header: /freefall/a/cvs/386BSD/src/sys/i386/i386/machdep.c,v 1.5 1993/07/27 10:52:17 davidg Exp $";
|
||||||
|
|
||||||
|
|
||||||
#include <stddef.h>
|
#include <stddef.h>
|
||||||
@@ -1008,6 +1008,10 @@ init386(first)
|
|||||||
proc0.p_addr->u_pcb.pcb_tss.tss_esp0 = (int) kstack + UPAGES*NBPG;
|
proc0.p_addr->u_pcb.pcb_tss.tss_esp0 = (int) kstack + UPAGES*NBPG;
|
||||||
proc0.p_addr->u_pcb.pcb_tss.tss_ss0 = GSEL(GDATA_SEL, SEL_KPL) ;
|
proc0.p_addr->u_pcb.pcb_tss.tss_ss0 = GSEL(GDATA_SEL, SEL_KPL) ;
|
||||||
_gsel_tss = GSEL(GPROC0_SEL, SEL_KPL);
|
_gsel_tss = GSEL(GPROC0_SEL, SEL_KPL);
|
||||||
|
|
||||||
|
((struct i386tss *)gdt_segs[GPROC0_SEL].ssd_base)->tss_ioopt =
|
||||||
|
(sizeof(tss))<<16;
|
||||||
|
|
||||||
ltr(_gsel_tss);
|
ltr(_gsel_tss);
|
||||||
|
|
||||||
/* make a call gate to reenter kernel with */
|
/* make a call gate to reenter kernel with */
|
||||||
|
|||||||
@@ -50,8 +50,10 @@
|
|||||||
#include "systm.h"
|
#include "systm.h"
|
||||||
#include "uio.h"
|
#include "uio.h"
|
||||||
#include "malloc.h"
|
#include "malloc.h"
|
||||||
|
#include "proc.h"
|
||||||
|
|
||||||
#include "machine/cpu.h"
|
#include "machine/cpu.h"
|
||||||
|
#include "machine/psl.h"
|
||||||
|
|
||||||
#include "vm/vm_param.h"
|
#include "vm/vm_param.h"
|
||||||
#include "vm/lock.h"
|
#include "vm/lock.h"
|
||||||
@@ -61,6 +63,42 @@
|
|||||||
|
|
||||||
extern char *vmmap; /* poor name! */
|
extern char *vmmap; /* poor name! */
|
||||||
/*ARGSUSED*/
|
/*ARGSUSED*/
|
||||||
|
mmclose(dev, uio, flags)
|
||||||
|
dev_t dev;
|
||||||
|
struct uio *uio;
|
||||||
|
int flags;
|
||||||
|
{
|
||||||
|
struct syscframe *fp;
|
||||||
|
|
||||||
|
switch (minor(dev)) {
|
||||||
|
case 14:
|
||||||
|
fp = (struct syscframe *)curproc->p_regs;
|
||||||
|
fp->sf_eflags &= ~PSL_IOPL;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
/*ARGSUSED*/
|
||||||
|
mmopen(dev, uio, flags)
|
||||||
|
dev_t dev;
|
||||||
|
struct uio *uio;
|
||||||
|
int flags;
|
||||||
|
{
|
||||||
|
struct syscframe *fp;
|
||||||
|
|
||||||
|
switch (minor(dev)) {
|
||||||
|
case 14:
|
||||||
|
fp = (struct syscframe *)curproc->p_regs;
|
||||||
|
fp->sf_eflags |= PSL_IOPL;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
/*ARGSUSED*/
|
||||||
mmrw(dev, uio, flags)
|
mmrw(dev, uio, flags)
|
||||||
dev_t dev;
|
dev_t dev;
|
||||||
struct uio *uio;
|
struct uio *uio;
|
||||||
|
|||||||
Reference in New Issue
Block a user