From owner-freebsd-current@FreeBSD.ORG Mon Jun 16 20:13:14 2008 Return-Path: Delivered-To: current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 807B2106567D for ; Mon, 16 Jun 2008 20:13:14 +0000 (UTC) (envelope-from rpaulo@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.171]) by mx1.freebsd.org (Postfix) with ESMTP id 035778FC28 for ; Mon, 16 Jun 2008 20:13:13 +0000 (UTC) (envelope-from rpaulo@gmail.com) Received: by ug-out-1314.google.com with SMTP id q2so497482uge.37 for ; Mon, 16 Jun 2008 13:13:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:cc:subject :message-id:references:mime-version:content-type:content-disposition :in-reply-to:user-agent:sender; bh=kj48qSpkyN7ehByDGtbP5gJeOPNUNZy1ICngKculYYs=; b=dQLwwebQ0gct4vpE9BArwmoHEAEUckTGYAqcocey7GqsYkBmkC0Ym1O0WbBb/9gF2G SP3AU+kPvFIyJ64+O0hepC6WmDgNwO6Ujh/LXtfeFP+uti0W7nNG1NXXwhzP++zDqmEm Ur/Prewk/eIl+fyWvJJyQsI51Z5W/xA2gX2h4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent:sender; b=kV2Q7zZMkKkREgqnYHIqSzrUQ8+yDHyW7tvqv7lg9akvzh0OLYRbb6sEzwpgZhhf0L HCAh1p6PTotARvyu6El+i7LbexJ3fo4uzbJpGjtOzJyLt9pqaxGuV8gPKqn2JfCf0B34 qOEoGKD9PvDvqAx+aHwPZCxDkoM5xcO4S0rMg= Received: by 10.66.244.2 with SMTP id r2mr6300806ugh.73.1213647192778; Mon, 16 Jun 2008 13:13:12 -0700 (PDT) Received: from epsilon.local ( [89.214.196.227]) by mx.google.com with ESMTPS id 36sm2731723ugb.21.2008.06.16.13.13.06 (version=SSLv3 cipher=RC4-MD5); Mon, 16 Jun 2008 13:13:12 -0700 (PDT) Date: Mon, 16 Jun 2008 21:12:48 +0100 From: Rui Paulo To: Stanislav Sedov Message-ID: <20080616201248.GA5703@epsilon.local> References: <20080606020927.8d6675e1.stas@FreeBSD.org> <10261.1212703949@critter.freebsd.dk> <20080606025533.8322ee08.stas@FreeBSD.org> <1212758604.1904.33.camel@localhost> <20080615230250.7f3efae4.stas@FreeBSD.org> <1213557999.1816.15.camel@localhost> <20080616204433.48ad9879.stas@FreeBSD.org> <20080616222740.5cdd9490.stas@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20080616222740.5cdd9490.stas@FreeBSD.org> User-Agent: Mutt/1.5.17 (2007-11-01) Sender: Rui Paulo Cc: Peter Jeremy , Poul-Henning Kamp , kib@freebsd.org, current@freebsd.org, Coleman Kane Subject: Re: cpuctl(formely devcpu) patch test request X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Jun 2008 20:13:14 -0000 On Mon, Jun 16, 2008 at 10:27:40PM +0400, Stanislav Sedov wrote: > On Mon, 16 Jun 2008 19:10:17 +0100 > "Rui Paulo" mentioned: > > > There's no security issue here. > > If the system administrator is concerned about "security" of cpuctl, > > he/she just has to compile-out cpuctl or remove the module from the > > file system. > > > > Well, in this case it would be possible to load that again. Setting > a non-zero securelevel or implementing a specific MAC policy might > be a more correct solution. cpuctl(4) won't allow any MSR operations > if securelevel is above zero. Right, so the necessary checks are in place already. Regards, -- Rui Paulo