From owner-freebsd-hackers@FreeBSD.ORG Sun Jun 29 05:29:35 2008 Return-Path: Delivered-To: hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 66DC4106567E for ; Sun, 29 Jun 2008 05:29:35 +0000 (UTC) (envelope-from perryh@pluto.rain.com) Received: from agora.rdrop.com (oldagora.rdrop.com [199.26.172.34]) by mx1.freebsd.org (Postfix) with ESMTP id 3BA858FC0A for ; Sun, 29 Jun 2008 05:29:34 +0000 (UTC) (envelope-from perryh@pluto.rain.com) Received: from agora.rdrop.com (66@localhost [127.0.0.1]) by agora.rdrop.com (8.13.1/8.12.7) with ESMTP id m5T50hWQ000633 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sat, 28 Jun 2008 22:00:43 -0700 (PDT) (envelope-from perryh@pluto.rain.com) Received: (from uucp@localhost) by agora.rdrop.com (8.13.1/8.12.9/Submit) with UUCP id m5T50hrt000632; Sat, 28 Jun 2008 22:00:43 -0700 (PDT) Received: from fbsd61 by pluto.rain.com (4.1/SMI-4.1-pluto-M2060407) id AA22211; Sat, 28 Jun 08 21:55:35 PDT Date: Sat, 28 Jun 2008 21:56:32 -0700 From: perryh@pluto.rain.com To: mateev@cns-consulting.org Message-Id: <48671600./haUiSgeAdIdCnzZ%perryh@pluto.rain.com> References: <200806290313.21720.mateev@cns-consulting.org> In-Reply-To: <200806290313.21720.mateev@cns-consulting.org> User-Agent: nail 11.25 7/29/05 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: hackers@freebsd.org Subject: Re: Securelevels X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Jun 2008 05:29:35 -0000 > [strato@darkstar /usr/home/strato]$ sudo sysctl kern.securelevel > kern.securelevel: 2 > [strato@darkstar /usr/home/strato]$ kgdb > kgdb: /dev/mem: Permission denied > [strato@darkstar /usr/home/strato]$ sudo kgdb > [GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: > Undefined symbol "ps_pglobal_lookup"] > GNU gdb 6.1.1 [FreeBSD] > > I am running in securelevel 2. That means nithing can have direct > access to /dev/mem, acording to man security: > > 1 Secure mode - ... /dev/mem and /dev/kmem may not be opened > for writing; ... ^^^^^^^^^^^ > > 2 Highly secure mode - same as secure mode, plus disks may not > be opened for writing (except by mount(2)) whether mounted > or not ... > > So is this a bug I don't think so, because kgdb does not ordinarily need to open /dev/kmem for writing. Presumably you'd get an error if you tried to patch the running kernel.