Date: Wed, 15 Jul 1998 17:12:15 -0400 (EDT)
From: Robert Watson <robert@cyrus.watson.org>
To: Joel Ray Holveck <joelh@gnu.org>
Cc: matthew@wolfepub.com, hackers@FreeBSD.ORG
Subject: Re: Protecting data in memory
Message-ID: <Pine.BSF.3.96.980715171019.14094G-100000@fledge.watson.org>
In-Reply-To: <199807152047.PAA15101@detlev.UUCP>

On Wed, 15 Jul 1998, Joel Ray Holveck wrote:

> > Is there any way to protect a program's memory space from all users, even
> > root?
>
> No. root always has access to all memory space. Consider: If it were
> otherwise, root could just patch the kernel and gain whatever access
> was needed.

On the contrary. This is the purpose of securelevels and read-only
files/file-systems. UID != supervisor mode access to the machine, and
should not be equal to. Currently, indeed, there are many loopholes in the
securelevel mechanism, but it is a worthwhile goal. I'd rather not have to
completely scrap machines when they are compromised -- rather, know I have
a trusted kernel and root file system, and just reinstall
application-land.

Robert N Watson

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/
robert@fledge.watson.org              http://www.watson.org/~robert/