From owner-freebsd-stable@FreeBSD.ORG Wed Jul 12 14:12:33 2006 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A40AC16A4DD; Wed, 12 Jul 2006 14:12:33 +0000 (UTC) (envelope-from keramida@freebsd.org) Received: from igloo.linux.gr (igloo.linux.gr [62.1.205.36]) by mx1.FreeBSD.org (Postfix) with ESMTP id 47BA143D62; Wed, 12 Jul 2006 14:12:32 +0000 (GMT) (envelope-from keramida@freebsd.org) Received: from gothmog.pc (host5.bedc.ondsl.gr [62.103.39.229]) (authenticated bits=128) by igloo.linux.gr (8.13.7/8.13.7/Debian-1) with ESMTP id k6CEBwqN017754 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 12 Jul 2006 17:12:00 +0300 Received: from gothmog.pc (gothmog [127.0.0.1]) by gothmog.pc (8.13.7/8.13.7) with ESMTP id k6CEBrqu031470; Wed, 12 Jul 2006 17:11:53 +0300 (EEST) (envelope-from keramida@freebsd.org) Received: (from giorgos@localhost) by gothmog.pc (8.13.7/8.13.7/Submit) id k6CEBrwO031469; Wed, 12 Jul 2006 17:11:53 +0300 (EEST) (envelope-from keramida@freebsd.org) Date: Wed, 12 Jul 2006 17:11:53 +0300 From: Giorgos Keramidas To: Alexandros Kosiaris Message-ID: <20060712141153.GB30855@gothmog.pc> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Hellug-MailScanner: Found to be clean X-Hellug-MailScanner-SpamCheck: not spam, SpamAssassin (score=-4.352, required 5, autolearn=not spam, ALL_TRUSTED -1.80, AWL 0.05, BAYES_00 -2.60) X-Hellug-MailScanner-From: keramida@freebsd.org X-Spam-Status: No Cc: freebsd-current@freebsd.org, freebsd-stable@freebsd.org Subject: Re: Securelevels and /dev/io documentation inconsistency X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Jul 2006 14:12:33 -0000 On 2006-07-12 15:47, Alexandros Kosiaris wrote: > Hello, > > I believe i have stumbled upon a documentation inconsistency > concerning securelevels and usage of /dev/io > > >From init(8) manpage > > 1 Secure mode - the system immutable and system append-only flags may > not be turned off; disks for mounted file systems, /dev/mem, > /dev/kmem and /dev/io (if your platform has it) may not be opened > for writing; kernel modules (see kld(4)) may not be loaded or > unloaded. > > Note the "may not be opened for writing". It is correct for /dev/mem > and /dev/kmem but incorrect for /dev/io as the following experiment > shows: > > 3:40pm ~ # sysctl kern.securelevel > kern.securelevel: 1 > root@mybox > 3:40pm ~ # head /dev/io > head: /dev/io: Operation not permitted > root@mybox > 3:40pm ~ # > > Now the source code in /usr/src/sys/i386/i386/io.c just checks if > securelevel is greater that 0 when opening the device and return > accordingly. > > However from io(4) > > Note that even read-only access will grant the full I/O privileges. > > Which means that changing the code to check if the device is opened > O_RDONLY and then allowing access would be a mistake cancelling the > idea of blocking access to the device through usage of the > securelevel. > > I am correct about the above ? > Does the documentation need a correction in that place? It looks like it does. Would something like this be satisfactory? 1 Secure mode - the system immutable and system append-only flags may not be turned off; disks for mounted file systems, /dev/mem and /dev/kmem may not be opened for writing and /dev/io (if your platform has it) may not be opened at all; kernel modules (see kld(4)) may not be loaded or unloaded. Regards, Giorgos