author | Theo de Raadt <deraadt@cvs.openbsd.org> | 1998-07-09 18:22:26 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 1998-07-09 18:22:26 +0000 |
commit | 9eb028107f09b6d8ac0b7cc5d8484e3d4ec305bd (patch) | |
tree | 29f6ea98b555af6a0cfef0649deed642f3b3fb2d | |
parent | 468a6f3f59475078b14e116d6e69d30cf08dd119 (diff) |
never set PSL_IOPL at high securelevel (except the one xf86 case, controlled by the aperture driver); problem noted by csapuntz
-rw-r--r-- | sys/arch/i386/i386/linux_machdep.c | 6 | ||||
-rw-r--r-- | sys/arch/i386/i386/mem.c | 4 | ||||
-rw-r--r-- | sys/arch/i386/i386/sys_machdep.c | 11 | ||||
-rw-r--r-- | sys/arch/i386/isa/pccons.c | 8 |
4 files changed, 23 insertions, 6 deletions
diff --git a/sys/arch/i386/i386/linux_machdep.c b/sys/arch/i386/i386/linux_machdep.c
index 5aa46717d08..c4491e4d81e 100644
--- a/sys/arch/i386/i386/linux_machdep.c
+++ b/sys/arch/i386/i386/linux_machdep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: linux_machdep.c,v 1.11 1998/02/08 08:32:34 deraadt Exp $ */
+/* $OpenBSD: linux_machdep.c,v 1.12 1998/07/09 18:22:12 deraadt Exp $ */
 /* $NetBSD: linux_machdep.c,v 1.29 1996/05/03 19:42:11 christos Exp $ */
 /*
@@ -542,6 +542,8 @@ linux_sys_iopl(p, v, retval)
 if (suser(p->p_ucred, &p->p_acflag) != 0)
 return EPERM;
+ if (securelevel > 0)
+ return EPERM;
 fp->tf_eflags |= PSL_IOPL;
 *retval = 0;
 return 0;
@@ -566,6 +568,8 @@ linux_sys_ioperm(p, v, retval)
 if (suser(p->p_ucred, &p->p_acflag) != 0)
 return EPERM;
+ if (securelevel > 0)
+ return EPERM;
 if (SCARG(uap, val))
 fp->tf_eflags |= PSL_IOPL;
 *retval = 0;
diff --git a/sys/arch/i386/i386/mem.c b/sys/arch/i386/i386/mem.c
index e1bf3248368..b6092b717a6 100644
--- a/sys/arch/i386/i386/mem.c
+++ b/sys/arch/i386/i386/mem.c
@@ -1,5 +1,5 @@
 /* $NetBSD: mem.c,v 1.31 1996/05/03 19:42:19 christos Exp $ */
-/* $OpenBSD: mem.c,v 1.7 1998/02/19 06:59:48 millert Exp $ */
+/* $OpenBSD: mem.c,v 1.8 1998/07/09 18:22:13 deraadt Exp $ */
 /*
 * Copyright (c) 1988 University of Utah.
 * Copyright (c) 1982, 1986, 1990, 1993
@@ -81,7 +81,7 @@ mmopen(dev, flag, mode, p)
 #ifdef COMPAT_10
 /* This is done by i386_iopl(3) now. */
 case 14:
- if (flag & FWRITE) {
+ if (securelevel <= 0 && (flag & FWRITE)) {
 struct trapframe *fp;
 fp = curproc->p_md.md_regs;
 fp->tf_eflags |= PSL_IOPL;
diff --git a/sys/arch/i386/i386/sys_machdep.c b/sys/arch/i386/i386/sys_machdep.c
index f5605894600..0d0539eea76 100644
--- a/sys/arch/i386/i386/sys_machdep.c
+++ b/sys/arch/i386/i386/sys_machdep.c
@@ -340,6 +340,10 @@ out:
 }
 #endif /* USER_LDT */
+#ifdef APERTURE
+extern int allowaperture;
+#endif
+
 int
 i386_iopl(p, args, retval)
 struct proc *p;
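Review bot: The new `securelevel > 0` gate in linux_sys_iopl carries no comment saying why a superuser is still refused, and the same bare test is repeated in linux_sys_ioperm and, in inverted form, in mem.c and pccons.c. A short comment at each site would keep a later cleanup from treating it as redundant with the suser() check above it, for example `/* PSL_IOPL gives user mode direct port I/O, which sidesteps securelevel; refuse once it is raised */`. In linux_sys_ioperm the gate sits ahead of `if (SCARG(uap, val))`, so a call with val == 0, which would not set the bit, is also answered with EPERM; that fails closed, but it is worth stating in the comment if intended. Both function bodies start and end outside their hunks.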
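Review bot: In mmopen, a write open of minor 14 at securelevel > 0 now skips the `PSL_IOPL` grant, but as far as this hunk shows it still completes the open, so the caller gets no indication that the privilege was withheld. An explicit refusal is easier to audit and to debug than a later fault on the first port access: keep `if (flag & FWRITE) {` and make its first statement `if (securelevel > 0) return (EPERM);`. The end of the `case 14:` block and mmopen's return convention are outside the hunk, so the exact form of the return needs checking against the rest of the function. pc_xmode_on in pccons.c has the same silent no-op.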
@@ -352,6 +356,13 @@ i386_iopl(p, args, retval)
 if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
 return error;
+#ifdef APERTURE
+ if (!allowaperture && securelevel > 0)
+ return EPERM;
+#else
+ if (securelevel > 0)
+ return EPERM;
+#endif
 if ((error = copyin(args, &ua, sizeof(ua))) != 0)
 return error;
diff --git a/sys/arch/i386/isa/pccons.c b/sys/arch/i386/isa/pccons.c
index 0bdf2e7446e..f66652a2358 100644
--- a/sys/arch/i386/isa/pccons.c
+++ b/sys/arch/i386/isa/pccons.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pccons.c,v 1.40 1998/03/16 09:12:39 downsj Exp $ */
+/* $OpenBSD: pccons.c,v 1.41 1998/07/09 18:22:25 deraadt Exp $ */
 /* $NetBSD: pccons.c,v 1.99.4.1 1996/06/04 20:03:53 cgd Exp $ */
 /*-
@@ -1919,7 +1919,8 @@ pc_xmode_on()
 #ifdef COMPAT_10
 /* This is done by i386_iopl(3) now. */
 fp = curproc->p_md.md_regs;
- fp->tf_eflags |= PSL_IOPL;
+ if (securelevel <= 0)
+ fp->tf_eflags |= PSL_IOPL;
 #endif
 }
@@ -1940,6 +1941,7 @@ pc_xmode_off()
 screen_restore(0);
 fp = curproc->p_md.md_regs;
- fp->tf_eflags &= ~PSL_IOPL;
+ if (securelevel <= 0)
+ fp->tf_eflags &= ~PSL_IOPL;
 }
 #endif /* XSERVER */ |
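Review bot: With APERTURE defined, the test `!allowaperture && securelevel > 0` in i386_iopl keys the exception on a global flag rather than on the calling process, so once `allowaperture` is non-zero every superuser process can obtain PSL_IOPL at high securelevel, not only the X server the commit message has in mind. Where `allowaperture` is set, and whether it can still change after securelevel is raised, is not visible in this diff; the check should carry a comment stating that assumption, such as `/* allowaperture is fixed before securelevel is raised; when set, root may take IOPL at any securelevel */`, to be confirmed against the aperture driver. The two branches also duplicate `return EPERM;`, and the `extern int allowaperture;` added above the function would be better placed in a shared header than declared in this file. The function body continues outside the hunk.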
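Review bot: In pc_xmode_off the clear of `PSL_IOPL` is now skipped whenever securelevel > 0, which makes a privilege drop conditional on the same gate as the grant. A process that received the bit while securelevel was still <= 0, or through the aperture exception in i386_iopl, would keep I/O privilege after leaving X mode once securelevel has been raised. Removing the bit never needs the gate, so this line should stay as it was: `fp->tf_eflags &= ~PSL_IOPL;`. The start of pc_xmode_off is outside the hunk, so any surrounding conditional compilation cannot be seen from here.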