Date: Sat, 28 Jun 2008 21:56:32 -0700 From: perryh@pluto.rain.com To: mateev@cns-consulting.org Cc: hackers@freebsd.org Subject: Re: Securelevels Message-ID: <48671600./haUiSgeAdIdCnzZ%perryh@pluto.rain.com> In-Reply-To: <200806290313.21720.mateev@cns-consulting.org> References: <200806290313.21720.mateev@cns-consulting.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> [strato@darkstar /usr/home/strato]$ sudo sysctl kern.securelevel
> kern.securelevel: 2
> [strato@darkstar /usr/home/strato]$ kgdb
> kgdb: /dev/mem: Permission denied
> [strato@darkstar /usr/home/strato]$ sudo kgdb
> [GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so:
> Undefined symbol "ps_pglobal_lookup"]
> GNU gdb 6.1.1 [FreeBSD]
>
> I am running in securelevel 2. That means nithing can have direct
> access to /dev/mem, acording to man security:
>
> 1 Secure mode - ... /dev/mem and /dev/kmem may not be opened
> for writing; ...
^^^^^^^^^^^
>
> 2 Highly secure mode - same as secure mode, plus disks may not
> be opened for writing (except by mount(2)) whether mounted
> or not ...
>
> So is this a bug
I don't think so, because kgdb does not ordinarily need to open
/dev/kmem for writing. Presumably you'd get an error if you tried
to patch the running kernel.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48671600./haUiSgeAdIdCnzZ%perryh>