Date: Fri, 6 Jun 2008 02:55:33 +0400 From: Stanislav Sedov <stas@FreeBSD.org> To: "Poul-Henning Kamp" <phk@phk.freebsd.dk> Cc: kib@FreeBSD.org, Rui Paulo <rpaulo@FreeBSD.org>, current@FreeBSD.org Subject: Re: cpuctl(formely devcpu) patch test request Message-ID: <20080606025533.8322ee08.stas@FreeBSD.org> In-Reply-To: <10261.1212703949@critter.freebsd.dk> References: <20080606020927.8d6675e1.stas@FreeBSD.org> <10261.1212703949@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
--Signature=_Fri__6_Jun_2008_02_55_33_+0400_ur4aCJjIA6ZHxiit Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, 05 Jun 2008 22:12:29 +0000 "Poul-Henning Kamp" <phk@phk.freebsd.dk> mentioned: > In message <20080606020927.8d6675e1.stas@FreeBSD.org>, Stanislav Sedov wr= ites: >=20 > >The updated patch is available at > >http://www.springdaemons.com/stas/cpuctl.2.diff >=20 > Have we fully thought though the potential for halt&catch_fire ? >=20 > Would it make sense to have a more granular security model than=20 > the simple device-node access based "are you root?" test ? There's a check that prevents playing with cpuctl if securelevel is greater than 0. And if it's 0 you can always execute any code you want in kernel mode. Or you're talking about something different? --=20 Stanislav Sedov ST4096-RIPE --Signature=_Fri__6_Jun_2008_02_55_33_+0400_ur4aCJjIA6ZHxiit Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkhIbuoACgkQK/VZk+smlYEIwACfQAsWXCdxFEHOXSY3Mlt/T6b/ WH8AnA1WO0ifuDzWGqwG82FcOtXh4/Ql =jY3G -----END PGP SIGNATURE----- --Signature=_Fri__6_Jun_2008_02_55_33_+0400_ur4aCJjIA6ZHxiit--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080606025533.8322ee08.stas>