From owner-freebsd-hackers@FreeBSD.ORG  Sun Jun 29 01:14:35 2008
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9DC2A106564A
	for <hackers@freebsd.org>; Sun, 29 Jun 2008 01:14:35 +0000 (UTC)
	(envelope-from mateev@cns-consulting.org)
Received: from smtp-auth.serv.Uni-Osnabrueck.DE
	(sanode12eth0.rz.Uni-Osnabrueck.DE [131.173.17.152])
	by mx1.freebsd.org (Postfix) with ESMTP id 153068FC12
	for <hackers@freebsd.org>; Sun, 29 Jun 2008 01:14:34 +0000 (UTC)
	(envelope-from mateev@cns-consulting.org)
Received: from g227191184.adsl.alicedsl.de (g227191184.adsl.alicedsl.de
	[92.227.191.184]) (authenticated bits=0)
	by smtp-auth.serv.Uni-Osnabrueck.DE (8.13.1/8.13.1) with ESMTP id
	m5T1EWUe031781
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <hackers@freebsd.org>; Sun, 29 Jun 2008 03:14:33 +0200
From: Ivaylo Mateev <mateev@cns-consulting.org>
Organization: CNS Consulting
To: hackers@freebsd.org
User-Agent: KMail/1.9.7
MIME-Version: 1.0
Content-Disposition: inline
Date: Sun, 29 Jun 2008 03:13:21 +0200
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <200806290313.21720.mateev@cns-consulting.org>
X-PMX-Version: 5.4.0.320885, Antispam-Engine: 2.5.2.313940,
	Antispam-Data: 2008.6.28.234911 (Univ. Osnabrueck)
X-PMX-Spam: Gauge=IIIIIII, Probability=7%, Report=SUBJ_1WORD 0.1,
	BODY_SIZE_1200_1299 0, BODY_SIZE_5000_LESS 0, __CD 0, __CT 0,
	__CTE 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __MIME_TEXT_ONLY 0,
	__MIME_VERSION 0, __SANE_MSGID 0, __USER_AGENT 0
X-PMX-Spam-Level: IIIIIII
Cc: 
Subject: Securelevels
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Jun 2008 01:14:35 -0000

Hi,

I think I found a bug.

[strato@darkstar /usr/home/strato]$ sudo sysctl kern.securelevel
kern.securelevel: 2
[strato@darkstar /usr/home/strato]$ kgdb
kgdb: /dev/mem: Permission denied
[strato@darkstar /usr/home/strato]$ sudo kgdb
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: 
Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]

I am running in securelevel 2. That means nithing can have direct access 
to /dev/mem, acording to man security:

1     Secure mode - the system immutable and system append-only flags may
           not be turned off; disks for mounted file systems, /dev/mem and
           /dev/kmem may not be opened for writing; /dev/io (if your platform
           has it) may not be opened at all; kernel modules (see kld(4)) may
           not be loaded or unloaded.

     2     Highly secure mode - same as secure mode, plus disks may not be
           opened for writing (except by mount(2)) whether mounted or not.
           This level precludes tampering with file systems by unmounting
           them, but also inhibits running newfs(8) while the system is multi-
           user.

So is this a bug or I am just to stupid?