Date: Tue, 25 Sep 2001 08:41:28 -0400 (EDT)
From: Robert Watson <rwatson@freebsd.org>
To: Alfred Perlstein <bright@mu.org>
Cc: alpha@freebsd.org, security@freebsd.org
Subject: Re: bogon in 4.x memory device
Message-ID: <Pine.NEB.3.96L.1010925083942.80452A-100000@fledge.watson.org>
In-Reply-To: <20010925020701.X97903@elvis.mu.org>

Looks fine -- a similar change has been made in -CURRENT, although
fortunately in -CURRENT, kmem is no longer required for top to function,
as the sysctl MIB has been expanded. It would be better to MFC the
sysctl/top changes, from a practical security perspective, but this is
certainly the easier change.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On Tue, 25 Sep 2001, Alfred Perlstein wrote:
> without this top(1) fails on machines with raised securelevel.
>
> can anyone review/comment?
>
> Reported by: brian j. peterson <rbw@myplace.org>
>
> Index: mem.c
> ===================================================================
> RCS file: /home/ncvs/src/sys/alpha/alpha/mem.c,v
> retrieving revision 1.19.2.3
> diff -u -r1.19.2.3 mem.c
> --- mem.c 2000/05/14 00:29:44 1.19.2.3
> +++ mem.c 2001/09/25 06:55:30
> @@ -138,7 +138,7 @@
> switch (minor(dev)) {
> case 0:
> case 1:
> - if (securelevel >= 1)
> + if ((flags & FWRITE) && securelevel > 0)
> return (EPERM);
> break;
> case 32:
>
>
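Review bot: the new test on the `+` line under `case 0:` / `case 1:` carries no comment explaining that read-only opens of these minors are now deliberately allowed at raised securelevel; a one-line comment above it (for example, that only write opens are refused so that readers such as top(1) keep working) would stop a later cleanup from restoring the blanket check. The switch from `>= 1` to `> 0` is equivalent and could be dropped to keep the diff to the `(flags & FWRITE)` addition. It is also worth confirming in the surrounding function, which the hunk does not show, that `flags` is the open mode and that this open-time check is the only gate, since read access to these devices then rests entirely on file permissions.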
> --
> -Alfred Perlstein [alfred@freebsd.org]
> 'Instead of asking why a piece of software is using "1970s technology,"
> start asking why software is ignoring 30 years of accumulated wisdom.'
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
