From owner-freebsd-hackers  Wed Jul 15 14:12:36 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id OAA17230
          for freebsd-hackers-outgoing; Wed, 15 Jul 1998 14:12:36 -0700 (PDT)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from fledge.watson.org (root@COPLAND.CODA.CS.CMU.EDU [128.2.222.48])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA17221
          for <hackers@FreeBSD.ORG>; Wed, 15 Jul 1998 14:12:34 -0700 (PDT)
          (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.8.8/8.8.8) with SMTP id RAA16504;
	Wed, 15 Jul 1998 17:12:15 -0400 (EDT)
Date: Wed, 15 Jul 1998 17:12:15 -0400 (EDT)
From: Robert Watson <robert@cyrus.watson.org>
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson <robert+freebsd@cyrus.watson.org>
To: Joel Ray Holveck <joelh@gnu.org>
cc: matthew@wolfepub.com, hackers@FreeBSD.ORG
Subject: Re: Protecting data in memory
In-Reply-To: <199807152047.PAA15101@detlev.UUCP>
Message-ID: <Pine.BSF.3.96.980715171019.14094G-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, 15 Jul 1998, Joel Ray Holveck wrote:

> > Is there any way to protect a programs memory space from all users, even
> > root?
> 
> No.  root always has access to all memory space.  Consider: If it were
> otherwise, root could just patch the kernel and gain whatever access
> was needed.

On the contrary.  This is the purpose of securelevels and read-only
files/file-systems.  UID != supervisor mode access to the machine, and
should not be equal to.  Currently, indeed, there are many loopholes in
the securelevel mechanism, but it is a worthwhile goal.  I'd rather not
have to completely scrap machines when they are compromised -- rather,
know I have a trusted kernel and root file system, and just reinstall
application-land.

  Robert N Watson 

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/
robert@fledge.watson.org              http://www.watson.org/~robert/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message