From owner-freebsd-hackers Wed Jul 15 16:08:11 1998
Date: Wed, 15 Jul 1998 18:07:48 -0500 (CDT)
Message-Id: <199807152307.SAA15384@detlev.UUCP>
To: luoqi@watermarkgroup.com
CC: matthew@wolfepub.com, hackers@FreeBSD.ORG
In-reply-to: <199807152155.RAA07159@lor.watermarkgroup.com> (message from Luoqi Chen on Wed, 15 Jul 1998 17:55:54 -0400 (EDT))
Subject: Re: Protecting data in memory
From: Joel Ray Holveck
Reply-to: joelh@gnu.org
References: <199807152155.RAA07159@lor.watermarkgroup.com>

>>> Is there any way to protect a program's memory space from all users, even
>>> root?
>> No. root always has access to all memory space. Consider: If it were
>> otherwise, root could just patch the kernel and gain whatever access
>> was needed.
> Actually, if you raise the securelevel to 1 or above, not even root can
> access kernel memory space (see init(8)).

Er, according to init(8), then root cannot *write* to kernel memory.

I am basically familiar with securelevel. I oversimplified my example.

Best,
joelh

-- 
Joel Ray Holveck - joelh@gnu.org - http://www.wp.com/piquan
Fourth law of programming: Anything that can go wrong wi
sendmail: segmentation violation - core dumped