diff options
| author | Pawel Jakub Dawidek <pjd@FreeBSD.org> | 2014-11-11 04:48:09 +0000 |
|---|---|---|
| committer | Pawel Jakub Dawidek <pjd@FreeBSD.org> | 2014-11-11 04:48:09 +0000 |
| commit | 5ebb15b942bfe98b9b972117ecb04e97de8cb947 (patch) | |
| tree | 50c91c0cb6b68e5c95df470c4307f6905a76e30f /sys/dev | |
| parent | 0b837c87ceea68219a59bb7b1fe5357d214b22a7 (diff) | |
| download | src-5ebb15b942bfe98b9b972117ecb04e97de8cb947.tar.gz src-5ebb15b942bfe98b9b972117ecb04e97de8cb947.zip | |
Add missing privilege check when setting the dump device. Before that change it
was possible for a regular user to setup the dump device if he had write access
to the given device. In theory it is a security issue as user might get access
to kernel's memory after provoking kernel crash, but in practise it is not
recommended to give regular users direct access to storage devices.
Rework the code so that we do privileges check within the set_dumper() function
to avoid similar problems in the future.
Discussed with: secteam
Notes
Notes:
svn path=/head/; revision=274366
Diffstat (limited to 'sys/dev')
| -rw-r--r-- | sys/dev/null/null.c | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/sys/dev/null/null.c b/sys/dev/null/null.c index f836147a773c..c8966df8ac4b 100644 --- a/sys/dev/null/null.c +++ b/sys/dev/null/null.c @@ -37,7 +37,6 @@ __FBSDID("$FreeBSD$"); #include <sys/kernel.h> #include <sys/malloc.h> #include <sys/module.h> -#include <sys/priv.h> #include <sys/disk.h> #include <sys/bus.h> #include <sys/filio.h> @@ -110,9 +109,7 @@ null_ioctl(struct cdev *dev __unused, u_long cmd, caddr_t data __unused, switch (cmd) { case DIOCSKERNELDUMP: - error = priv_check(td, PRIV_SETDUMPER); - if (error == 0) - error = set_dumper(NULL, NULL); + error = set_dumper(NULL, NULL, td); break; case FIONBIO: break; |