On Sat, Dec 02, 2000 at 21:38:19 -0700, Lyndon Nerenberg wrote:
> >>>>> "Kenneth" == Kenneth D Merry <[EMAIL PROTECTED]> writes:
>
> >> Is there any reason why the FWRITE test cannot/should not be
> >> moved down into the 'case PCIOCWRITE' part of the switch? This
> >> would make both PCIOCGETCONF and PCIOCREAD work for readonly
> >> access to /dev/pci (which seems to me to be saner behaviour).
>
> Kenneth> At least with the PCIOCGETCONF, you need write
> Kenneth> permission, because it copies in patterns to match
> Kenneth> against.
>
> Does that have to equate with write access? Since you aren't changing
> anything (device-wise) it seems this should be a read-only thing (even
> though you're actually writing into the kernel memory arena).
>From your comments below, you apparantly don't have to have write access to
do a copyin.
I would like to have pciconf -l available for normal users, but my only
hesitation is that there could be security implications. If we can get
someone (i.e. a security type person) to check the PCIOCGETCONF code
carefully for any potential problems, then we can enable it for normal
users.
The code wasn't written with security in mind, so I don't want to open it
up to regular users without a security evaluation. If we can get that,
then I don't see a problem with allowing read only access for that ioctl.
Ken
--
Kenneth Merry
[EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
