Date:      Fri, 27 Feb 1998 20:28:18 -0800 (PST)
From:      dima@best.net (Dima Ruban)
To:        cschuber@uumail.gov.bc.ca
Cc:        eivind@yes.no, wollman@khavrinen.lcs.mit.edu, cschuber@uumail.gov.bc.ca, freebsd-security@FreeBSD.ORG
Subject:   Re: OpenBSD Security Advisory: mmap() Problem
Message-ID:  <199802280428.UAA19048@burka.rdy.com>
In-Reply-To: <199802280132.RAA00955@cwsys.cwsent.com> from Cy Schubert - ITSD Open Systems Group at "Feb 27, 98 05:32:08 pm"

Cy Schubert - ITSD Open Systems Group writes:
> I've managed to solve the problem while waiting in the doctor's office 
> this afternoon.  According to the 4.4BSD Bible, at securelevel > 0 
> /dev/mem and /dev/kmem are read only, which would break XIG's X server 
> anyway.  Securelevel 0 is used only in single user mode, so the XIG X 

This is not entirely correct. Take a look at OpenBSD's /etc/rc.securelevel.
Everything that should have write access to /dev/*mem should be started
before securelevel is bumped.

I think we should not make such modifications to the patch.

> server could only be used in securelevel -1.  Here's a new copy of my 
> hack of the OpenBSD patch.  It only allows the insecure mmap access to 
> character devices at securelevel -1.  This seems like a good compromise 
> because the XIG X server should be broken at securelevels 1 and 2 
> anyhow and to allow superuser to write to a read-only /dev/mem device 
> at securelevel -1 doesn't add any new security exposures.
> 

-- dima
