Re: secmodel_securelevel(9) and machdep.svs.enabled

To: tech-kern%NetBSD.org@localhost
Subject: Re: secmodel_securelevel(9) and machdep.svs.enabled
From: Alexander Nasonov <alnsn%yandex.ru@localhost>
Date: Wed, 25 Apr 2018 22:12:01 +0100

Alexander Nasonov wrote:
> Thinking a bit more about this, I don't think my patch will prevent
> data leakage from the kernel because /dev/mem and /dev/kmem are
> readable at all securelevels.

There is an important distrinction, though. Code in sys/dev/mm.c
can be changed to scramble sensitive pages (e.g. cgd(4) keys) while
meltdown is a wild beast and it's nearly impossible to control.

-- 
Alex

References:
- secmodel_securelevel(9) and machdep.svs.enabled
  - From: Alexander Nasonov
- Re: secmodel_securelevel(9) and machdep.svs.enabled
  - From: Alexander Nasonov
- Re: secmodel_securelevel(9) and machdep.svs.enabled
  - From: Alexander Nasonov
- Re: secmodel_securelevel(9) and machdep.svs.enabled
  - From: Maxime Villard
- Re: secmodel_securelevel(9) and machdep.svs.enabled
  - From: Alexander Nasonov

Prev by Date: Re: NetBSD 8.0 RC1 issue
Next by Date: Re: awge0 and 100mb?
Previous by Thread: Re: secmodel_securelevel(9) and machdep.svs.enabled
Next by Thread: Re: secmodel_securelevel(9) and machdep.svs.enabled
Indexes:

Home | Main Index | Thread Index | Old Index