Date: Sun, 29 Jun 2008 03:13:21 +0200 From: Ivaylo Mateev <mateev@cns-consulting.org> To: hackers@freebsd.org Subject: Securelevels Message-ID: <200806290313.21720.mateev@cns-consulting.org>
next in thread | raw e-mail | index | archive | help
Hi,
I think I found a bug.
[strato@darkstar /usr/home/strato]$ sudo sysctl kern.securelevel
kern.securelevel: 2
[strato@darkstar /usr/home/strato]$ kgdb
kgdb: /dev/mem: Permission denied
[strato@darkstar /usr/home/strato]$ sudo kgdb
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so:
Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
I am running in securelevel 2. That means nithing can have direct access
to /dev/mem, acording to man security:
1 Secure mode - the system immutable and system append-only flags may
not be turned off; disks for mounted file systems, /dev/mem and
/dev/kmem may not be opened for writing; /dev/io (if your platform
has it) may not be opened at all; kernel modules (see kld(4)) may
not be loaded or unloaded.
2 Highly secure mode - same as secure mode, plus disks may not be
opened for writing (except by mount(2)) whether mounted or not.
This level precludes tampering with file systems by unmounting
them, but also inhibits running newfs(8) while the system is multi-
user.
So is this a bug or I am just to stupid?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200806290313.21720.mateev>