svn commit: r317806 - head/sys/dev/nand

Gleb Smirnoff glebius at FreeBSD.org
Thu May 4 20:42:33 UTC 2017


Author: glebius
Date: Thu May  4 20:42:31 2017
New Revision: 317806
URL: https://svnweb.freebsd.org/changeset/base/317806

Log:
  The nandsim(4) simulator driver doesn't have any protection against
  races at least in its ioctl handler, and at the same time it creates
  device entry with 0666 permissions.
  
  To plug possible issues in it:
  - Mark it as needing Giant.
  - Switch device mode to 0600.
  
  Submitted by:	C Turt
  Reviewed by:	imp
  MFC after:	1 week
  Security:	Possible double free in ioctl handler

Modified:
  head/sys/dev/nand/nandsim.c

Modified: head/sys/dev/nand/nandsim.c
==============================================================================
--- head/sys/dev/nand/nandsim.c	Thu May  4 19:55:32 2017	(r317805)
+++ head/sys/dev/nand/nandsim.c	Thu May  4 20:42:31 2017	(r317806)
@@ -71,6 +71,7 @@ static struct nandsim_chip *get_nandsim_
 
 static struct cdevsw nandsim_cdevsw = {
 	.d_version =    D_VERSION,
+	.d_flags =	D_NEEDGIANT,
 	.d_ioctl =      nandsim_ioctl,
 	.d_name =       "nandsim",
 };
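Review bot: the ".d_flags = D_NEEDGIANT," line added to nandsim_cdevsw carries no comment saying it is a stopgap for the missing locking in nandsim_ioctl, so a later Giant-removal pass could drop it and reopen the race described in the log. Suggest a one-line comment above it, for example "/* ioctl handler has no locking of its own; serialize under Giant */". Giant is also released whenever the holding thread sleeps, so any handler path that can sleep between looking up an object and freeing it is not fully serialized by this flag; a driver-private lock would be the durable fix. Minor style point: the new line puts a tab between "=" and the value, while the neighbouring initializers use spaces.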
@@ -639,7 +640,7 @@ nandsim_modevent(module_t mod __unused, 
 	switch (type) {
 	case MOD_LOAD:
 		nandsim_dev = make_dev(&nandsim_cdevsw, 0,
-		    UID_ROOT, GID_WHEEL, 0666, "nandsim.ioctl");
+		    UID_ROOT, GID_WHEEL, 0600, "nandsim.ioctl");
 		break;
 	case MOD_UNLOAD:
 		for (i = 0; i < MAX_SIM_DEV; i++) {
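Review bot: the mode passed to make_dev() in the MOD_LOAD case drops from 0666 to 0600 with no accompanying documentation change, and this is user-visible: anything that opened nandsim.ioctl as a non-root user will now be refused. Suggest noting the root-only requirement in nandsim(4) and adding a short comment at the call saying the node is deliberately root-only because the ioctl handler is not safe to expose to unprivileged users. With UID_ROOT, GID_WHEEL and 0600, members of wheel get no access either, which is consistent with the intent stated in the log.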

