author | Theo de Raadt <deraadt@cvs.openbsd.org> | 1996-08-11 23:26:09 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 1996-08-11 23:26:09 +0000 |
commit | a5626338bf8e77f01adc5e828471077e546b7ff8 (patch) | |
tree | 7ce29149950279f1aa4da97cdb0af07cc84163a7 | |
parent | 95d95400508740acc4f2cf1907793208f8c9692c (diff) |
limit ioctl privileges
-rw-r--r-- | sys/scsi/scsi_ioctl.c | 45 | ||||
-rw-r--r-- | sys/scsi/scsiconf.h | 14 | ||||
-rw-r--r-- | sys/scsi/ss.c | 5 | ||||
-rw-r--r-- | sys/scsi/st.c | 5 | ||||
-rw-r--r-- | sys/scsi/uk.c | 4 |
5 files changed, 51 insertions, 22 deletions
diff --git a/sys/scsi/scsi_ioctl.c b/sys/scsi/scsi_ioctl.c index c11dfba368b..d21f7ac77fb 100644 --- a/sys/scsi/scsi_ioctl.c +++ b/sys/scsi/scsi_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scsi_ioctl.c,v 1.4 1996/06/17 05:16:44 downsj Exp $ */ +/* $OpenBSD: scsi_ioctl.c,v 1.5 1996/08/11 23:26:03 deraadt Exp $ */ /* $NetBSD: scsi_ioctl.c,v 1.20 1996/02/14 21:47:22 christos Exp $ */ /* @@ -333,6 +333,8 @@ scsi_do_ioctl(sc_link, dev, cmd, addr, flag, p) case SCIOCDEBUG: { int level = *((int *)addr); + if ((flag & FWRITE) == 0) + return EBADF; SC_DEBUG(sc_link, SDEV_DB3, ("debug set to %d\n", level)); sc_link->flags &= ~SDEV_DBX; /* clear debug bits */ if (level & 1) @@ -348,29 +350,52 @@ scsi_do_ioctl(sc_link, dev, cmd, addr, flag, p) case SCIOCREPROBE: { struct scsi_addr *sca = (struct scsi_addr *)addr; + if ((flag & FWRITE) == 0) + return EBADF; return scsi_probe_busses(sca->scbus, sca->target, sca->lun); } case SCIOCRECONFIG: case SCIOCDECONFIG: return EINVAL; - case SCIOCIDENTIFY: { - struct scsi_addr *sca = (struct scsi_addr *)addr; - - sca->scbus = sc_link->scsibus; - sca->target = sc_link->target; - sca->lun = sc_link->lun; - return 0; - } case SCIOCRESET: { + if ((flag & FWRITE) == 0) + return EBADF; scsi_scsi_cmd(sc_link, 0, 0, 0, 0, GENRETRY, 2000, NULL, SCSI_RESET); return 0; } default: - return ENOTTY; + return scsi_do_safeioctl(sc_link, dev, cmd, addr, flag, p); } #ifdef DIAGNOSTIC panic("scsi_do_ioctl: impossible"); #endif } + +int +scsi_do_safeioctl(sc_link, dev, cmd, addr, flag, p) + struct scsi_link *sc_link; + dev_t dev; + u_long cmd; + caddr_t addr; + int flag; + struct proc *p; +{ + int error; + + SC_DEBUG(sc_link, SDEV_DB2, ("scsi_do_ioctl(0x%lx)\n", cmd)); + + switch(cmd) { + case SCIOCIDENTIFY: { + struct scsi_addr *sca = (struct scsi_addr *)addr; + + sca->scbus = sc_link->scsibus; + sca->target = sc_link->target; + sca->lun = sc_link->lun; + return 0; + } + default: + return ENOTTY; + } +} 
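Review bot: The FWRITE test is copied into each privileged case separately (SCIOCDEBUG in this hunk, SCIOCREPROBE and SCIOCRESET in the next one), so a state-changing command added to this switch later is unguarded unless its author remembers to repeat the two lines. A comment at the head of the switch would make the rule explicit: `/* every case here that changes device or bus state must test FWRITE; read-only commands belong in scsi_do_safeioctl() */`. The cases of scsi_do_ioctl above line 333 lie outside the hunk, so it is worth confirming that any of them that send commands to the device carry the same check.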
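Review bot: The new scsi_do_safeioctl declares `int error;` and never uses it, and its SC_DEBUG string still reads `scsi_do_ioctl(0x%lx)`, so a debug trace cannot tell the restricted entry point from the privileged one. Drop the declaration and change the trace to `SC_DEBUG(sc_link, SDEV_DB2, ("scsi_do_safeioctl(0x%lx)\n", cmd));`. Separately, in the same hunk SCIOCREPROBE hands the caller-supplied `sca->scbus`, `sca->target` and `sca->lun` straight to scsi_probe_busses; any range checks are inside that function and not visible here, so confirm they exist, since write access to the device node is the only gate in front of them.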
diff --git a/sys/scsi/scsiconf.h b/sys/scsi/scsiconf.h index 6a4991efd7a..65e7b97f125 100644 --- a/sys/scsi/scsiconf.h +++ b/sys/scsi/scsiconf.h @@ -264,7 +264,8 @@ struct scsi_xfer { #define XS_TIMEOUT 4 /* The Timeout reported was caught by SW */ #define XS_BUSY 5 /* The device busy, try again later? */ -caddr_t scsi_inqmatch __P((struct scsi_inquiry_data *, caddr_t, int, int, int *)); +caddr_t scsi_inqmatch __P((struct scsi_inquiry_data *, caddr_t, int, + int, int *)); struct scsi_xfer *scsi_get_xs __P((struct scsi_link *, int)); void scsi_free_xs __P((struct scsi_xfer *, int)); @@ -278,11 +279,12 @@ int scsi_start __P((struct scsi_link *, int, int)); void scsi_done __P((struct scsi_xfer *)); void scsi_user_done __P((struct scsi_xfer *)); int scsi_scsi_cmd __P((struct scsi_link *, struct scsi_generic *, - int cmdlen, u_char *data_addr, - int datalen, int retries, - int timeout, struct buf *bp, - int flags)); -int scsi_do_ioctl __P((struct scsi_link *, dev_t, u_long, caddr_t, int, struct proc *)); + int cmdlen, u_char *data_addr, int datalen, int retries, + int timeout, struct buf *bp, int flags)); +int scsi_do_ioctl __P((struct scsi_link *, dev_t, u_long, caddr_t, + int, struct proc *)); +int scsi_do_safeioctl __P((struct scsi_link *, dev_t, u_long, caddr_t, + int, struct proc *)); void sc_print_addr __P((struct scsi_link *)); void show_scsi_xs __P((struct scsi_xfer *)); diff --git a/sys/scsi/ss.c b/sys/scsi/ss.c index 958f2c2f70d..84e6f414554 100644 --- a/sys/scsi/ss.c +++ b/sys/scsi/ss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ss.c,v 1.7 1996/07/30 11:04:08 deraadt Exp $ */ +/* $OpenBSD: ss.c,v 1.8 1996/08/11 23:26:05 deraadt Exp $ */ /* $NetBSD: ss.c,v 1.10 1996/05/05 19:52:55 christos Exp $ */ /* @@ -480,7 +480,8 @@ ssioctl(dev, cmd, addr, flag, p) default: if (SSMODE(dev) != MODE_CONTROL) return (ENOTTY); - return (scsi_do_ioctl(ss->sc_link, dev, cmd, addr, flag, p)); + return (scsi_do_safeioctl(ss->sc_link, dev, cmd, addr, + flag, p)); } return (error); } 
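Review bot: Nothing at the call site in ssioctl's default case says that routing to scsi_do_safeioctl is deliberate, although it means SCIOCDEBUG, SCIOCREPROBE and SCIOCRESET now return ENOTTY on the control-mode device even for a descriptor opened for writing. The same applies to the stioctl and ukioctl hunks that follow. A one-line comment above each call would keep a later cleanup from switching it back to the privileged entry point: `/* unprivileged subset only: SCIOCDEBUG/REPROBE/RESET are intentionally not reachable from this driver */`. The bodies of ssioctl and stioctl start outside their hunks, so whether earlier cases in those switches need their own FWRITE checks cannot be judged from here.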
diff --git a/sys/scsi/st.c b/sys/scsi/st.c index 5d2b8e96809..97a4a811daf 100644 --- a/sys/scsi/st.c +++ b/sys/scsi/st.c @@ -1,4 +1,4 @@ -/* $OpenBSD: st.c,v 1.11 1996/05/10 12:31:41 deraadt Exp $ */ +/* $OpenBSD: st.c,v 1.12 1996/08/11 23:26:07 deraadt Exp $ */ /* $NetBSD: st.c,v 1.66 1996/05/05 19:53:01 christos Exp $ */ /* @@ -1196,7 +1196,8 @@ stioctl(dev, cmd, arg, flag, p) break; default: if (STMODE(dev) == CTLMODE) - error = scsi_do_ioctl(st->sc_link, dev, cmd, arg, flag, p); + error = scsi_do_safeioctl(st->sc_link, dev, + cmd, arg, flag, p); else error = ENOTTY; break; diff --git a/sys/scsi/uk.c b/sys/scsi/uk.c index f040a359e38..7652b9e66b6 100644 --- a/sys/scsi/uk.c +++ b/sys/scsi/uk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uk.c,v 1.3 1996/04/21 22:31:23 deraadt Exp $ */ +/* $OpenBSD: uk.c,v 1.4 1996/08/11 23:26:08 deraadt Exp $ */ /* $NetBSD: uk.c,v 1.15 1996/03/17 00:59:57 thorpej Exp $ */ /* @@ -176,5 +176,5 @@ ukioctl(dev, cmd, addr, flag, p) { register struct uk_softc *uk = uk_cd.cd_devs[UKUNIT(dev)]; - return scsi_do_ioctl(uk->sc_link, dev, cmd, addr, flag, p); + return scsi_do_safeioctl(uk->sc_link, dev, cmd, addr, flag, p); } |