From owner-freebsd-current@FreeBSD.ORG Mon Jun 16 18:27:56 2008 Return-Path: Delivered-To: current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9C4461065679; Mon, 16 Jun 2008 18:27:56 +0000 (UTC) (envelope-from stas@ht-systems.ru) Received: from smtp.ht-systems.ru (mr0.ht-systems.ru [78.110.50.55]) by mx1.freebsd.org (Postfix) with ESMTP id 41BDF8FC15; Mon, 16 Jun 2008 18:27:55 +0000 (UTC) (envelope-from stas@ht-systems.ru) Received: from [78.110.49.49] (helo=quasar.ht-systems.ru) by smtp.ht-systems.ru with esmtpa (Exim 4.62) (envelope-from ) id 1K8JQh-0004cL-LK; Mon, 16 Jun 2008 22:27:47 +0400 Received: by quasar.ht-systems.ru (Postfix, from userid 1024) id 4276173004; Mon, 16 Jun 2008 22:27:46 +0400 (MSD) Date: Mon, 16 Jun 2008 22:27:40 +0400 From: Stanislav Sedov To: "Rui Paulo" Message-Id: <20080616222740.5cdd9490.stas@FreeBSD.org> In-Reply-To: References: <20080606020927.8d6675e1.stas@FreeBSD.org> <10261.1212703949@critter.freebsd.dk> <20080606025533.8322ee08.stas@FreeBSD.org> <1212758604.1904.33.camel@localhost> <20080615230250.7f3efae4.stas@FreeBSD.org> <1213557999.1816.15.camel@localhost> <20080616204433.48ad9879.stas@FreeBSD.org> Organization: The FreeBSD Project X-XMPP: ssedov@jabber.ru X-Voice: +7 916 849 20 23 X-PGP-Fingerprint: F21E D6CC 5626 9609 6CE2 A385 2BF5 5993 EB26 9581 X-Mailer: carrier-pigeon Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="PGP-SHA1"; boundary="Signature=_Mon__16_Jun_2008_22_27_40_+0400_=f56UvvDmM6tqN.c" Cc: current@freebsd.org, Peter Jeremy , Stanislav Sedov , Poul-Henning Kamp , kib@freebsd.org, Coleman Kane Subject: Re: cpuctl(formely devcpu) patch test request X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Jun 2008 18:27:56 -0000 --Signature=_Mon__16_Jun_2008_22_27_40_+0400_=f56UvvDmM6tqN.c Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, 16 Jun 2008 19:10:17 +0100 "Rui Paulo" mentioned: > There's no security issue here. > If the system administrator is concerned about "security" of cpuctl, > he/she just has to compile-out cpuctl or remove the module from the > file system. >=20 Well, in this case it would be possible to load that again. Setting a non-zero securelevel or implementing a specific MAC policy might be a more correct solution. cpuctl(4) won't allow any MSR operations if securelevel is above zero. --=20 Stanislav Sedov ST4096-RIPE --Signature=_Mon__16_Jun_2008_22_27_40_+0400_=f56UvvDmM6tqN.c Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkhWsKIACgkQK/VZk+smlYE/XACffS6jU6DlpUwZw4H9WH4sh5g+ CSwAn2jrP1CRu93u6kWydRZ2sa/ZZqac =88k8 -----END PGP SIGNATURE----- --Signature=_Mon__16_Jun_2008_22_27_40_+0400_=f56UvvDmM6tqN.c--