diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 1996-07-31 18:34:37 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 1996-07-31 18:34:37 +0000 |
| commit | ee613103534d9c53b0014c5bb58794ca312720dc (patch) | |
| tree | 2530e0bd3f22e11a5cdc2484ae4f4e296150dce3 /sys | |
| parent | e5d69be73697e3855d9adedf457467e53abd96af (diff) | |
TIOCCONS must be able to VOP_ACCESS() /dev/console to succeed; fixes DOS attack
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/kern/tty.c | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/sys/kern/tty.c b/sys/kern/tty.c index f9fe6d00b29..ffd5757a7e0 100644 --- a/sys/kern/tty.c +++ b/sys/kern/tty.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tty.c,v 1.7 1996/06/17 05:25:03 downsj Exp $ */ +/* $OpenBSD: tty.c,v 1.8 1996/07/31 18:34:36 deraadt Exp $ */ /* $NetBSD: tty.c,v 1.68.4.2 1996/06/06 16:04:52 thorpej Exp $ */ /*- @@ -59,6 +59,8 @@ #include <sys/signalvar.h> #include <sys/resourcevar.h> +#include <sys/namei.h> + #include <vm/vm.h> #include "rnd.h" @@ -708,20 +710,29 @@ ttioctl(tp, cmd, data, flag, p) ttyflush(tp, flags); break; } - case TIOCCONS: /* become virtual console */ + case TIOCCONS: { /* become virtual console */ + struct nameidata nid; + + /* ensure user can open the real console */ + NDINIT(&nid, LOOKUP, FOLLOW, UIO_SYSSPACE, "/dev/console", p); + error = namei(&nid); + if (error) + return (error); + error = VOP_ACCESS(nid.ni_vp, VREAD, p->p_ucred, p); + vrele(nid.ni_vp); + if (error) + return (error); + if (*(int *)data) { if (constty && constty != tp && ISSET(constty->t_state, TS_CARR_ON | TS_ISOPEN) == (TS_CARR_ON | TS_ISOPEN)) return (EBUSY); -#ifndef UCONSOLE - if ((error = suser(p->p_ucred, &p->p_acflag)) != 0) - return (error); -#endif constty = tp; } else if (tp == constty) constty = NULL; break; + } case TIOCDRAIN: /* wait till output drained */ if ((error = ttywait(tp)) != 0) return (error); |