PERFORCE change 79546 for review

Mon Jul 4 12:52:58 GMT 2005

http://perforce.freebsd.org/chv.cgi?CH=79546

Change 79546 by rwatson at rwatson_paprika on 2005/07/04 12:52:26

	Authorize various new/old suser() checks relating to hardware
	configuration, such as uploading firmware, as CAP_SYS_RAWIO.

Affected files ...

.. //depot/projects/trustedbsd/sebsd/sys/dev/drm/drmP.h#10 edit
.. //depot/projects/trustedbsd/sebsd/sys/dev/fdc/fdc.c#3 edit
.. //depot/projects/trustedbsd/sebsd/sys/dev/ipw/if_ipw.c#2 edit
.. //depot/projects/trustedbsd/sebsd/sys/dev/iwi/if_iwi.c#2 edit
.. //depot/projects/trustedbsd/sebsd/sys/i386/i386/io.c#2 edit

Differences ...

==== //depot/projects/trustedbsd/sebsd/sys/dev/drm/drmP.h#10 (text+ko) ====

@@ -223,7 +223,7 @@
 				int flags, DRM_STRUCTPROC *p, DRMFILE filp
 
 #define PAGE_ALIGN(addr) round_page(addr)
-#define DRM_SUSER(p)		suser(p)
+#define DRM_SUSER(p)		cap_check(p, CAP_SYS_RAWIO)
 #define DRM_AGP_FIND_DEVICE()	agp_find_device()
 #define DRM_MTRR_WC		MDF_WRITECOMBINE
 #define jiffies			ticks

==== //depot/projects/trustedbsd/sebsd/sys/dev/fdc/fdc.c#3 (text+ko) ====

@@ -58,6 +58,7 @@
 #include <sys/param.h>
 #include <sys/bio.h>
 #include <sys/bus.h>
+#include <sys/capability.h>
 #include <sys/devicestat.h>
 #include <sys/disk.h>
 #include <sys/fcntl.h>
@@ -1473,7 +1474,7 @@
 		return (0);
 
 	case FD_CLRERR:
-		if (suser(td) != 0)
+		if (cap_check(td, CAP_SYS_RAWIO) != 0)
 			return (EPERM);
 		fd->fdc->fdc_errs = 0;
 		return (0);

==== //depot/projects/trustedbsd/sebsd/sys/dev/ipw/if_ipw.c#2 (text+ko) ====

@@ -1544,7 +1544,7 @@
 
 	case SIOCSLOADFW:
 		/* only super-user can do that! */
-		if ((error = suser(curthread)) != 0)
+		if ((error = cap_check(curthread, CAP_SYS_RAWIO)) != 0)
 			break;
 
 		ifr = (struct ifreq *)data;
@@ -1553,7 +1553,7 @@
 
 	case SIOCSKILLFW:
 		/* only super-user can do that! */
-		if ((error = suser(curthread)) != 0)
+		if ((error = cap_check(curthread, CAP_SYS_RAWIO)) != 0)
 			break;
 
 		ifp->if_flags &= ~IFF_UP;

==== //depot/projects/trustedbsd/sebsd/sys/dev/iwi/if_iwi.c#2 (text+ko) ====

@@ -1550,7 +1550,7 @@
 
 	case SIOCSLOADFW:
 		/* only super-user can do that! */
-		if ((error = suser(curthread)) != 0)
+		if ((error = cap_check(curthread, CAP_SYS_RAWIO)) != 0)
 			break;
 
 		ifr = (struct ifreq *)data;
@@ -1559,7 +1559,7 @@
 
 	case SIOCSKILLFW:
 		/* only super-user can do that! */
-		if ((error = suser(curthread)) != 0)
+		if ((error = cap_check(curthread, CAP_SYS_RAWIO)) != 0)
 			break;
 
 		ifp->if_flags &= ~IFF_UP;

==== //depot/projects/trustedbsd/sebsd/sys/i386/i386/io.c#2 (text+ko) ====

@@ -28,6 +28,7 @@
 __FBSDID("$FreeBSD: src/sys/i386/i386/io.c,v 1.1 2004/08/01 11:40:52 markm Exp $");
 
 #include <sys/param.h>
+#include <sys/capability.h>
 #include <sys/conf.h>
 #include <sys/fcntl.h>
 #include <sys/lock.h>
@@ -54,7 +55,7 @@
 {
 	int error;
 
-	error = suser(td);
+	error = cap_check(td, CAP_SYS_RAWIO);
 	if (error != 0)
 		return (error);
 	error = securelevel_gt(td->td_ucred, 0);
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

