e1000: restrict access to SIOCS* family, write()

K. Lange 2022-03-07 18:05:50 +09:00
parent 2700849ca2
commit d0a4583988
2 changed files with 8 additions and 2 deletions


@ -64,7 +64,7 @@ static void check_network(const char * if_name) {
char if_path[512]; char if_path[512];
snprintf(if_path, 511, "/dev/net/%s", if_name); snprintf(if_path, 511, "/dev/net/%s", if_name);
int netdev = open(if_path, O_RDWR); int netdev = open(if_path, O_RDONLY);
if (netdev < 0) return; if (netdev < 0) return;
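Review bot: The switch to `O_RDONLY` in `check_network` carries no comment tying it to the driver-side permission change, so a later edit could restore `O_RDWR`; the open would then fail for non-root callers and `if (netdev < 0) return;` would exit silently. Suggest adding `/* read-only: the device node is no longer world-writable and the queries below need no write access */` above the `open` call. This assumes the ioctls that follow are only the SIOCG* reads; the rest of the function is outside the hunk.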


@ -308,6 +308,8 @@ static void init_tx(struct e1000_nic * device) {
write_command(device, E1000_REG_TCTRL, tctl); write_command(device, E1000_REG_TCTRL, tctl);
} }
#define privileged() do { if (this_core->current_process->user != USER_ROOT_UID) { return -EPERM; } } while (0)
static int ioctl_e1000(fs_node_t * node, unsigned long request, void * argp) { static int ioctl_e1000(fs_node_t * node, unsigned long request, void * argp) {
struct e1000_nic * nic = node->device; struct e1000_nic * nic = node->device;
@ -322,6 +324,7 @@ static int ioctl_e1000(fs_node_t * node, unsigned long request, void * argp) {
memcpy(argp, &nic->eth.ipv4_addr, sizeof(nic->eth.ipv4_addr)); memcpy(argp, &nic->eth.ipv4_addr, sizeof(nic->eth.ipv4_addr));
return 0; return 0;
case SIOCSIFADDR: case SIOCSIFADDR:
privileged();
memcpy(&nic->eth.ipv4_addr, argp, sizeof(nic->eth.ipv4_addr)); memcpy(&nic->eth.ipv4_addr, argp, sizeof(nic->eth.ipv4_addr));
return 0; return 0;
case SIOCGIFNETMASK: case SIOCGIFNETMASK:
@ -329,6 +332,7 @@ static int ioctl_e1000(fs_node_t * node, unsigned long request, void * argp) {
memcpy(argp, &nic->eth.ipv4_subnet, sizeof(nic->eth.ipv4_subnet)); memcpy(argp, &nic->eth.ipv4_subnet, sizeof(nic->eth.ipv4_subnet));
return 0; return 0;
case SIOCSIFNETMASK: case SIOCSIFNETMASK:
privileged();
memcpy(&nic->eth.ipv4_subnet, argp, sizeof(nic->eth.ipv4_subnet)); memcpy(&nic->eth.ipv4_subnet, argp, sizeof(nic->eth.ipv4_subnet));
return 0; return 0;
case SIOCGIFGATEWAY: case SIOCGIFGATEWAY:
@ -336,6 +340,7 @@ static int ioctl_e1000(fs_node_t * node, unsigned long request, void * argp) {
memcpy(argp, &nic->eth.ipv4_gateway, sizeof(nic->eth.ipv4_gateway)); memcpy(argp, &nic->eth.ipv4_gateway, sizeof(nic->eth.ipv4_gateway));
return 0; return 0;
case SIOCSIFGATEWAY: case SIOCSIFGATEWAY:
privileged();
memcpy(&nic->eth.ipv4_gateway, argp, sizeof(nic->eth.ipv4_gateway)); memcpy(&nic->eth.ipv4_gateway, argp, sizeof(nic->eth.ipv4_gateway));
net_arp_ask(nic->eth.ipv4_gateway, node); net_arp_ask(nic->eth.ipv4_gateway, node);
return 0; return 0;
@ -343,6 +348,7 @@ static int ioctl_e1000(fs_node_t * node, unsigned long request, void * argp) {
case SIOCGIFADDR6: case SIOCGIFADDR6:
return -ENOENT; return -ENOENT;
case SIOCSIFADDR6: case SIOCSIFADDR6:
privileged();
memcpy(&nic->eth.ipv6_addr, argp, sizeof(nic->eth.ipv6_addr)); memcpy(&nic->eth.ipv6_addr, argp, sizeof(nic->eth.ipv6_addr));
return 0; return 0;
@ -490,7 +496,7 @@ static void e1000_init(struct e1000_nic * nic) {
nic->eth.device_node = calloc(sizeof(fs_node_t),1); nic->eth.device_node = calloc(sizeof(fs_node_t),1);
snprintf(nic->eth.device_node->name, 100, "%s", nic->eth.if_name); snprintf(nic->eth.device_node->name, 100, "%s", nic->eth.if_name);
nic->eth.device_node->flags = FS_BLOCKDEVICE; /* NETDEVICE? */ nic->eth.device_node->flags = FS_BLOCKDEVICE; /* NETDEVICE? */
nic->eth.device_node->mask = 0666; /* temporary; shouldn't be doing this with these device files */ nic->eth.device_node->mask = 0644; /* temporary; shouldn't be doing this with these device files */
nic->eth.device_node->ioctl = ioctl_e1000; nic->eth.device_node->ioctl = ioctl_e1000;
nic->eth.device_node->write = write_e1000; nic->eth.device_node->write = write_e1000;
nic->eth.device_node->device = nic; nic->eth.device_node->device = nic;
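Review bot: The `memcpy` calls in `ioctl_e1000` still use `argp` exactly as the caller passed it. The new `privileged()` check limits who reaches the SIOCS* copies, but no visible case confirms that `argp` is non-NULL and lies inside the caller's own mappings, and the unprivileged SIOCG* cases write kernel data through it. Unless the ioctl syscall path validates the pointer before dispatch (not visible here), each case should check `argp` for the size being copied and return an error before the `memcpy`; at minimum add `/* argp is caller-supplied: must be validated for sizeof(field) bytes before copying */` above the switch. Separately, `privileged()` hides a `return -EPERM` behind a generic name, so a name that states the early return (for example `RETURN_EPERM_UNLESS_ROOT()`) would keep the exit visible at the call sites. The body of `ioctl_e1000` begins and continues outside the hunks shown.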