boot: disable device-pass-through if running unprivileged

* boot/boot.c (device_pass_through): New variable. (main): Disable pass-through if the master device port is not available to us.
author: Justus Winter <4winter@informatik.uni-hamburg.de> 2014-11-07 09:59:46 +0100
committer: Justus Winter <justus@gnupg.org> 2016-09-04 12:31:06 +0200
commit: 02cebe45fca07e08503297dcade6f35135007547 (patch)
tree: bc4af673684eb719ea4548a4c4f4220350d8c1fd
parent: 9c98b0d28be5ed8e1807d866f8480833bd73896c (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/boot/boot.c b/boot/boot.c
index fb26a4b4..ec1ab6c1 100644
--- a/boot/boot.c
+++ b/boot/boot.c
@@ -80,6 +80,7 @@
 static struct termios orig_tty_state;
 static int isig;
 static char *kernel_command_line;
+static int device_pass_through;
 
 static void
 init_termstate ()
@@ -533,6 +534,7 @@ main (int argc, char **argv, char **envp)
     error (4, err, "%s", root_store_name);
 
   get_privileged_ports (&privileged_host_port, &master_device_port);
+  device_pass_through = MACH_PORT_VALID (master_device_port);
 
   strcat (bootstrap_args, "f");
 
@@ -541,7 +543,9 @@ main (int argc, char **argv, char **envp)
 
   if (root_store->class == &store_device_class && root_store->name
       && (root_store->flags & STORE_ENFORCED)
-      && root_store->num_runs == 1 && root_store->runs[0].start == 0)
+      && root_store->num_runs == 1
+      && root_store->runs[0].start == 0
+      && device_pass_through)
     /* Let known device nodes pass through directly.  */
     bootdevice = root_store->name;
   else
author	Justus Winter <4winter@informatik.uni-hamburg.de>	2014-11-07 09:59:46 +0100
committer	Justus Winter <justus@gnupg.org>	2016-09-04 12:31:06 +0200
commit	02cebe45fca07e08503297dcade6f35135007547 (patch)
tree	bc4af673684eb719ea4548a4c4f4220350d8c1fd
parent	9c98b0d28be5ed8e1807d866f8480833bd73896c (diff)