From: Robert Watson <rwatson@freebsd.org>
X-Sender: robert@fledge.watson.org
To: User Takawata <takawata@axe-inc.co.jp>
cc: acpi-jp@jp.FreeBSD.org
In-Reply-To: <200302140818.RAA06555@axe-inc.co.jp>
Message-ID: <Pine.NEB.3.96L.1030214132023.27484D-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Reply-To: acpi-jp@jp.FreeBSD.org
Precedence: list
Date: Fri, 14 Feb 2003 13:22:30 -0500
X-Sequence: acpi-jp 2092
Subject: [acpi-jp 2092] Re: /dev/acpi permission fix to permit unharmful ioctls.


On Fri, 14 Feb 2003, User Takawata wrote:

> Hi, I want to commit the following patch.  This enables less privileged user
> programs to use harmless ioctls, like getting battery information.
> 
> Comment? 

This seems fine to me.  The only caution I might add is you could add a
comment like the following to the ioctl hooks in the various external
handlers -- acpi_battery_ioctl(), et al, indicating that no checks are
required:

	/*
	 * No security check required: information retrieval only.  If
	 * new functions are added here, a check might be required.
	 */

Or something like that.  That way when people copy and paste these
functions into new implementations, they remember that they may need to
add checks if their ioctl's do more than these do.

Looks good, thanks!

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories


> 
> Index: acpi.c
> ===================================================================
> RCS file: /home/ncvs/src/sys/dev/acpica/acpi.c,v
> retrieving revision 1.83
> diff -u -r1.83 acpi.c
> --- acpi.c	28 Dec 2002 14:58:50 -0000	1.83
> +++ acpi.c	14 Feb 2003 08:14:09 -0000
> @@ -33,6 +33,7 @@
>  #include <sys/param.h>
>  #include <sys/kernel.h>
>  #include <sys/proc.h>
> +#include <sys/fcntl.h>
>  #include <sys/malloc.h>
>  #include <sys/bus.h>
>  #include <sys/conf.h>
> @@ -487,7 +488,7 @@
>      /*
>       * Create the control device
>       */
> -    sc->acpi_dev_t = make_dev(&acpi_cdevsw, 0, UID_ROOT, GID_WHEEL, 0600,
> +    sc->acpi_dev_t = make_dev(&acpi_cdevsw, 0, UID_ROOT, GID_WHEEL, 0644,
>  	"acpi");
>      sc->acpi_dev_t->si_drv1 = sc;
>  
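
Review bot: at the make_dev() call, changing the mode from 0600 to 0644 lets every local user open the "acpi" node read-only, so the only thing left between those users and the core ioctls is the FWRITE test added to the ioctl handler later in this patch. Please extend the "Create the control device" comment to say that the node is deliberately world-readable and that any ioctl which changes system behavior has to stay behind that test, so that a later change to the mode or to the handler is not made without noticing the dependency.
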
> @@ -1841,6 +1842,15 @@
>  		goto out;
>  	    }
>  	}
> +    }
> +
> +    /*
> +     * Core ioctl is not permitted for non-writable user.
> +     * Currently, other ioctls just fetch information.
> +     * Not changing system behavior.
> +     */
> +    if(!(flag & FWRITE)){
> +	    return EPERM;
>      }
>  
>      /*
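
Review bot: the added check leaves the function with a bare "return EPERM;" while the code just above it in the same hunk exits through "goto out;". If the out label releases a lock or does other cleanup, this path skips it; consider setting the error and jumping to out as the neighbouring code does. The new comment says the other ioctls only fetch information, so it would also help to state there that an ioctl which modifies state must carry its own check, since it is let through before this test. Minor: "if(!(flag & FWRITE)){" would read better as "if (!(flag & FWRITE)) {".
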
> 
> 
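
The ordering discussed in this message (registered hooks are dispatched first, core ioctls are refused without a writable open) can be tried out in userland. The following is an added example, not code from the patch or from FreeBSD: every name and constant in it is hypothetical, and it assumes a hook is handed the open flags, which the page does not show. It illustrates the caution above: a copied hook that changes state has to bring its own check.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not FreeBSD code: all names and values are hypothetical. */
#define M_FREAD  0x1                 /* descriptor opened for reading */
#define M_FWRITE 0x2                 /* descriptor opened for writing */
enum { CMD_BATT_INFO = 1, CMD_BATT_SET_ALARM, CMD_CORE_SLEEP };

static int alarm_level = 10;         /* state that a hook could change */
int current_alarm(void) { return alarm_level; }
/* Information retrieval only: no security check required. */
static int batt_info(int flag, int *arg) { (void)flag; *arg = 87; return 0; }

/* Changes state, and is reached before the dispatcher's FWRITE test,
 * so it must test the open mode itself (assumes the hook sees the flags). */
static int batt_set_alarm(int flag, int *arg)
{
    if (!(flag & M_FWRITE))
        return EPERM;
    alarm_level = *arg;
    return 0;
}

struct hook { int cmd; int (*fn)(int flag, int *arg); };
static const struct hook hooks[] = {
    { CMD_BATT_INFO, batt_info },
    { CMD_BATT_SET_ALARM, batt_set_alarm },
};

/* Same order as the patch: registered hooks first, then the FWRITE gate. */
int model_ioctl(int cmd, int flag, int *arg)
{
    for (size_t i = 0; i < sizeof(hooks) / sizeof(hooks[0]); i++)
        if (hooks[i].cmd == cmd)
            return hooks[i].fn(flag, arg);
    if (!(flag & M_FWRITE))
        return EPERM;                /* core ioctls need a writable open */
    return cmd == CMD_CORE_SLEEP ? 0 : ENOTTY;
}

int main(void)
{
    int v = 0, lvl = 5, r = model_ioctl(CMD_BATT_INFO, M_FREAD, &v);
    printf("info, read-only:  %d (value %d)\n", r, v);
    printf("alarm, read-only: %d\n", model_ioctl(CMD_BATT_SET_ALARM, M_FREAD, &lvl));
    printf("core, read-only:  %d\n", model_ioctl(CMD_CORE_SLEEP, M_FREAD, &v));
    return 0;
}
```
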

