Allow servers to run with fewer privileges:
- allow non-root processes to get their own endpoint
- make alloc_contig() call sys_umap() only when requested
parent
30a7fe5fa9
commit
f197bcb435
5 changed files with 11 additions and 7 deletions
|
@ -290,7 +290,6 @@ driver mfs
|
||||||
SAFECOPYTO # 32
|
SAFECOPYTO # 32
|
||||||
GETINFO
|
GETINFO
|
||||||
SETGRANT # 34
|
SETGRANT # 34
|
||||||
UMAP # 14
|
|
||||||
PROFBUF # 38
|
PROFBUF # 38
|
||||||
SYSCTL
|
SYSCTL
|
||||||
;
|
;
|
||||||
|
|
|
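Review bot: Dropping `UMAP # 14` from the mfs call list is only safe if no code path in mfs still reaches sys_umap; the cache.c hunk in this commit switches the block allocator to `alloc_contig(fs_block_size, 0, NULL)`, but any other caller that still passes a non-NULL phys pointer would now make alloc_contig panic (its `sys_umap_data_fb failed` path) instead of returning an address. A short comment on the driver entry, `# no UMAP: mfs never needs physical addresses (alloc_contig is called with phys == NULL)`, would record why the call was removed so it is not re-added by someone who only sees the panic. That no other mfs caller exists is inferred from the other hunks rather than visible in this file.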
@ -162,8 +162,7 @@ struct memory {
|
||||||
|
|
||||||
#define STATICINIT(v, n) \
|
#define STATICINIT(v, n) \
|
||||||
if(!(v)) { \
|
if(!(v)) { \
|
||||||
phys_bytes myph; \
|
if(!((v) = alloc_contig(sizeof(*(v)) * (n), 0, NULL))) { \
|
||||||
if(!((v) = alloc_contig(sizeof(*(v)) * (n), 0, &myph))) { \
|
|
||||||
panic(__FILE__, "allocating " #v " failed", n); \
|
panic(__FILE__, "allocating " #v " failed", n); \
|
||||||
} \
|
} \
|
||||||
}
|
}
|
||||||
|
|
|
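Review bot: The rewritten allocation line `if(!((v) = alloc_contig(sizeof(*(v)) * (n), 0, NULL))) { \` still computes `sizeof(*(v)) * (n)` with no overflow guard, so a large `n` would silently request a smaller buffer than the table needs. Callers of STATICINIT presumably pass compile-time table sizes, in which case this is theoretical, but a guard such as `if ((n) > SIZE_MAX / sizeof(*(v))) panic(__FILE__, "size overflow for " #v, n); \` before the call (if `SIZE_MAX` is available in this tree) would make the macro safe for any argument. Dropping the unused `myph` and passing NULL is consistent with the alloc_contig change in this commit.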
@ -66,8 +66,8 @@ void *alloc_contig(size_t len, int flags, phys_bytes *phys)
|
||||||
buf += align - (buf % align);
|
buf += align - (buf % align);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Get physical address. */
|
/* Get physical address, if requested. */
|
||||||
if(sys_umap_data_fb(SELF, buf, len, phys) != OK)
|
if(phys != NULL && sys_umap_data_fb(SELF, buf, len, phys) != OK)
|
||||||
panic("alloc_contig.c", "sys_umap_data_fb failed", NO_NUM);
|
panic("alloc_contig.c", "sys_umap_data_fb failed", NO_NUM);
|
||||||
|
|
||||||
return (void *) buf;
|
return (void *) buf;
|
||||||
|
|
|
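Review bot: With the added `phys != NULL &&` guard, a failing `sys_umap_data_fb` still ends in `panic("alloc_contig.c", "sys_umap_data_fb failed", NO_NUM)`, and after this commit that failure is no longer only a kernel bug: a server whose UMAP call has been removed from its privilege set (as this commit does for mfs) but that still asks for a physical address will take the whole server down rather than get an error. Either document the new contract at the declaration, e.g. `/* phys: if non-NULL, receives the physical address; the caller must then be allowed the UMAP kernel call. */`, or return NULL from this branch so the caller can decide, releasing the buffer first. alloc_contig's signature and the start of its body are above this hunk, so where the buffer comes from and how it would be released is not visible here.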
@ -82,10 +82,9 @@ int only_search; /* if NO_READ, don't read, else act normal */
|
||||||
if ((bp = front) == NIL_BUF) panic(__FILE__,"all buffers in use", NR_BUFS);
|
if ((bp = front) == NIL_BUF) panic(__FILE__,"all buffers in use", NR_BUFS);
|
||||||
|
|
||||||
if(bp->b_bytes < fs_block_size) {
|
if(bp->b_bytes < fs_block_size) {
|
||||||
phys_bytes ph;
|
|
||||||
ASSERT(!bp->bp);
|
ASSERT(!bp->bp);
|
||||||
ASSERT(bp->b_bytes == 0);
|
ASSERT(bp->b_bytes == 0);
|
||||||
if(!(bp->bp = alloc_contig(fs_block_size, 0, &ph))) {
|
if(!(bp->bp = alloc_contig(fs_block_size, 0, NULL))) {
|
||||||
printf("MFS: couldn't allocate a new block.\n");
|
printf("MFS: couldn't allocate a new block.\n");
|
||||||
for(bp = front;
|
for(bp = front;
|
||||||
bp && bp->b_bytes < fs_block_size; bp = bp->b_next)
|
bp && bp->b_bytes < fs_block_size; bp = bp->b_next)
|
||||||
|
|
|
@ -314,6 +314,13 @@ PUBLIC int do_getprocnr()
|
||||||
/* This call should be moved to DS. */
|
/* This call should be moved to DS. */
|
||||||
if (mp->mp_effuid != 0)
|
if (mp->mp_effuid != 0)
|
||||||
{
|
{
|
||||||
|
/* For now, allow non-root processes to request their own endpoint. */
|
||||||
|
if (m_in.pid < 0 && m_in.namelen == 0) {
|
||||||
|
mp->mp_reply.PM_ENDPT = who_e;
|
||||||
|
mp->mp_reply.PM_PENDPT = NONE;
|
||||||
|
return OK;
|
||||||
|
}
|
||||||
|
|
||||||
printf("PM: unauthorized call of do_getprocnr by proc %d\n",
|
printf("PM: unauthorized call of do_getprocnr by proc %d\n",
|
||||||
mp->mp_endpoint);
|
mp->mp_endpoint);
|
||||||
sys_sysctl_stacktrace(mp->mp_endpoint);
|
sys_sysctl_stacktrace(mp->mp_endpoint);
|
||||||
|
|
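Review bot: The new branch inside `if (mp->mp_effuid != 0)` builds the self reply itself (`PM_ENDPT = who_e`, `PM_PENDPT = NONE`) instead of letting the existing lookup code handle the `pid < 0 && namelen == 0` case, so the unprivileged and privileged answers to the same message can drift; if the privileged self path fills PM_PENDPT with the parent's endpoint, a non-root caller now gets a different reply than a root one for an identical request. Consider narrowing the authorization check instead, `if (mp->mp_effuid != 0 && !(m_in.pid < 0 && m_in.namelen == 0))`, and dropping the early return, so one code path computes the reply and the policy is a single condition that is easy to audit. If `NONE` for the parent is intentional for unprivileged callers, the comment should say so: `/* Non-root callers may only ask for their own endpoint; the parent endpoint is not disclosed to them. */`. do_getprocnr continues below this hunk, where the lookup code referred to here would live, so that part is inferred rather than visible.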