Date: Wed, 15 Jul 1998 17:55:54 -0400 (EDT)
From: Luoqi Chen <luoqi@watermarkgroup.com>
To: joelh@gnu.org, matthew@wolfepub.com
Cc: hackers@FreeBSD.ORG
Subject: Re: Protecting data in memory
Message-ID: <199807152155.RAA07159@lor.watermarkgroup.com>

> > Is there any way to protect a program's memory space from all users, even
> > root?
>
> No. root always has access to all memory space. Consider: If it were
> otherwise, root could just patch the kernel and gain whatever access
> was needed.

Actually, if you raise the securelevel to 1 or above, not even root can access
kernel memory space (see init(8)). It is still possible to access user process
memory space through procfs -- procfs doesn't yet check securelevel before
granting access to mem file.

To disable procfs, remove PROCFS option from your kernel config file (you may
also want to compile file systems like NFS into the kernel instead of lkms),
make a new kernel. Remove /proc entry from /etc/fstab, raise securelevel at
the very beginning of your /etc/rc file. Boot from the new kernel, and you
should be all set.

-lq

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
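
An audit of the end state the message above describes, as an added example that is not part of the original e-mail: it flags a procfs entry left in /etc/fstab, a procfs that is still mounted, and a securelevel below 1. The function names are hypothetical; `mount -p` and `sysctl -n kern.securelevel` are the FreeBSD commands assumed for the live check, and the script does not inspect the kernel config for the PROCFS option.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the e-mail.

# Read fstab-format text on stdin (/etc/fstab or `mount -p` output) and
# print the mount point of every procfs entry. Commented lines are skipped.
procfs_entries() {
    awk '!/^[ \t]*#/ && NF >= 3 && $3 == "procfs" { print $2 }'
}

# Succeed only if the given securelevel is a number that is 1 or above.
securelevel_ok() {
    case "$1" in
        ''|*[!0-9-]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] 2>/dev/null
}

# audit FSTAB_FILE MOUNTS_FILE LEVEL
# Prints one line per finding; the return status is the number of findings.
audit() {
    fstab=$1 mounts=$2 level=$3 findings=0
    for mp in $(procfs_entries < "$fstab"); do
        echo "FAIL: $fstab still lists procfs at $mp"
        findings=$((findings + 1))
    done
    for mp in $(procfs_entries < "$mounts"); do
        echo "FAIL: procfs is currently mounted at $mp"
        findings=$((findings + 1))
    done
    if ! securelevel_ok "$level"; then
        echo "FAIL: kern.securelevel is '$level', expected 1 or above"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run against the live FreeBSD host only when asked to.
if [ "${1:-}" = "--host" ]; then
    m=$(mktemp) || exit 1
    mount -p > "$m"
    audit /etc/fstab "$m" "$(sysctl -n kern.securelevel)"; rc=$?
    rm -f "$m"
    exit "$rc"
fi
```

Run with `--host` on the machine being checked; an exit status of 0 means none of the three conditions was found.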