Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/netbsd-3]: src/sys/dev Pull up revision 1.13 (requested by elad in ticke...



details:   https://anonhg.NetBSD.org/src/rev/2809288a9f04
branches:  netbsd-3
changeset: 576368:2809288a9f04
user:      tron <tron%NetBSD.org@localhost>
date:      Sat Jul 02 15:49:51 2005 +0000

description:
Pull up revision 1.13 (requested by elad in ticket #487):
Don't allow unprivileged users to open the veriexec device.
While I'm here, explicit 'int' for 'veriexec_device_usage'.

diffstat:

 sys/dev/verified_exec.c |  11 +++++++----
 1 files changed, 7 insertions(+), 4 deletions(-)

diffs (40 lines):

diff -r 0889ebe7545b -r 2809288a9f04 sys/dev/verified_exec.c
--- a/sys/dev/verified_exec.c   Sat Jul 02 15:49:36 2005 +0000
+++ b/sys/dev/verified_exec.c   Sat Jul 02 15:49:51 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: verified_exec.c,v 1.5.2.6 2005/07/02 15:45:13 tron Exp $       */
+/*     $NetBSD: verified_exec.c,v 1.5.2.7 2005/07/02 15:49:51 tron Exp $       */
 
 /*-
  * Copyright 2005 Elad Efrat <elad%bsd.org.il@localhost>
@@ -31,9 +31,9 @@
 
 #include <sys/cdefs.h>
 #if defined(__NetBSD__)
-__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.5.2.6 2005/07/02 15:45:13 tron Exp $");
+__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.5.2.7 2005/07/02 15:49:51 tron Exp $");
 #else
-__RCSID("$Id: verified_exec.c,v 1.5.2.6 2005/07/02 15:45:13 tron Exp $\n$NetBSD: verified_exec.c,v 1.5.2.6 2005/07/02 15:45:13 tron Exp $");
+__RCSID("$Id: verified_exec.c,v 1.5.2.7 2005/07/02 15:49:51 tron Exp $\n$NetBSD: verified_exec.c,v 1.5.2.7 2005/07/02 15:49:51 tron Exp $");
 #endif
 
 #include <sys/param.h>
@@ -64,7 +64,7 @@
 #include <sys/verified_exec.h>
 
 /* count of number of times device is open (we really only allow one open) */
-static unsigned veriexec_dev_usage;
+static unsigned int veriexec_dev_usage;
 
 struct veriexec_softc {
         DEVPORT_DEVICE veriexec_dev;
@@ -127,6 +127,9 @@
               p->p_pid, dev);
 #endif
 
+       if (suser(p->p_ucred, &p->p_acflag) != 0)
+               return (EPERM);
+
        if (veriexec_dev_usage > 0) {
                veriexec_dprintf(("Veriexec: load device already in use\n"));
                return(EBUSY);



Home | Main Index | Thread Index | Old Index