Subject: Re: Why not track our xsrc with X11R6.6 from X.org?
To: Andrey Petrov <petrov@netbsd.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: current-users
Date: 07/20/2001 14:29:20

On Fri, Jul 20, 2001 at 11:18:55AM -0700, Andrey Petrov wrote:
> On Fri, Jul 20, 2001 at 10:32:50AM -0400, Thor Lancelot Simon wrote:
> > On Fri, Jul 20, 2001 at 12:45:33AM -0700, Andrey Petrov wrote:
> > > 
> > > I think I meant to say there are no certain memory protections that
> > > reasonable Unices put even on root. At least today.
> > 
> > Well, that's just wrong.
> > 
> Every time someone debugs he accesses other process' memory. If you are root
> you can debug any process in a system. /dev/mem gives you access to the kernel
> memory. Is that wrong?

Did you actually trouble yourself to read the section of the init manual
page to which you've been repeatedly referred?  At securelevel > 0, the
kernel enforces a set of restrictions specifically designed to prevent any
user process, even one running as root, from gaining access to the kernel's
memory; as well as preventing writing raw disks, changing file flags,
remounting filesystems, etc.  In other words, you're just plain wrong; the
kernel specifically prevents access to /dev/mem in order to prevent a rogue
process with root privileges from making any persistent changes to the
system.

The issue of access to the memory space of other user processes is largely
separate from this; you cannot conduct a privilege-elevation attack by using
root privilege to access another process' memory, because that process
cannot, by definition, have more privilege than you already do.  The sole
exception is init, WHICH IS WHY WE DO NOT ALLOW PTRACE OF INIT.

-- 
Thor Lancelot Simon	                                      tls@rek.tjls.com
    And now he couldn't remember when this passion had flown, leaving him so
  foolish and bewildered and astray: can any man?
						   William Styron