Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/dev Don't allow unprivileged users to open the veriexec ...

details:   https://anonhg.NetBSD.org/src/rev/692630003122
branches:  trunk
changeset: 582097:692630003122
user:      elad <elad%NetBSD.org@localhost>
date:      Thu Jun 16 15:41:36 2005 +0000

description:
Don't allow unprivileged users to open the veriexec device.
While I'm here, explicit 'int' for 'veriexec_device_usage'.

diffstat:

 sys/dev/verified_exec.c |  11 +++++++----
 1 files changed, 7 insertions(+), 4 deletions(-)

diffs (40 lines):

diff -r 92a2b663b53c -r 692630003122 sys/dev/verified_exec.c
--- a/sys/dev/verified_exec.c   Thu Jun 16 15:31:21 2005 +0000
+++ b/sys/dev/verified_exec.c   Thu Jun 16 15:41:36 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: verified_exec.c,v 1.12 2005/06/06 02:48:20 christos Exp $      */
+/*     $NetBSD: verified_exec.c,v 1.13 2005/06/16 15:41:36 elad Exp $  */
 
 /*-
  * Copyright 2005 Elad Efrat <elad%bsd.org.il@localhost>
@@ -31,9 +31,9 @@
 
 #include <sys/cdefs.h>
 #if defined(__NetBSD__)
-__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.12 2005/06/06 02:48:20 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.13 2005/06/16 15:41:36 elad Exp $");
 #else
-__RCSID("$Id: verified_exec.c,v 1.12 2005/06/06 02:48:20 christos Exp $\n$NetBSD: verified_exec.c,v 1.12 2005/06/06 02:48:20 christos Exp $");
+__RCSID("$Id: verified_exec.c,v 1.13 2005/06/16 15:41:36 elad Exp $\n$NetBSD: verified_exec.c,v 1.13 2005/06/16 15:41:36 elad Exp $");
 #endif
 
 #include <sys/param.h>
@@ -64,7 +64,7 @@
 #include <sys/verified_exec.h>
 
 /* count of number of times device is open (we really only allow one open) */
-static unsigned veriexec_dev_usage;
+static unsigned int veriexec_dev_usage;
 
 struct veriexec_softc {
         DEVPORT_DEVICE veriexec_dev;
@@ -127,6 +127,9 @@
               p->p_pid, dev);
 #endif
 
+       if (suser(p->p_ucred, &p->p_acflag) != 0)
+               return (EPERM);
+
        if (veriexec_dev_usage > 0) {
                veriexec_dprintf(("Veriexec: load device already in use\n"));
                return(EBUSY);
Home | Main Index | Thread Index | Old Index