Subject: Re: Why not track our xsrc with X11R6.6 from X.org?
To: Thor Lancelot Simon <tls@rek.tjls.com>
From: Andrey Petrov <petrov@netbsd.org>
List: current-users
Date: 07/20/2001 12:05:04
My apologies, I was plain wrong here and insisted on it.
Andrey
On Fri, Jul 20, 2001 at 02:29:20PM -0400, Thor Lancelot Simon wrote:
> On Fri, Jul 20, 2001 at 11:18:55AM -0700, Andrey Petrov wrote:
> > On Fri, Jul 20, 2001 at 10:32:50AM -0400, Thor Lancelot Simon wrote:
> > > On Fri, Jul 20, 2001 at 12:45:33AM -0700, Andrey Petrov wrote:
> > > >
> > > > I think I meant to say there is no certain memory protection that
> > > > reasonable Unices put even on root. At least today.
> > >
> > > Well, that's just wrong.
> > >
> > Every time someone debugs, he accesses another process's memory. If you are root
> > you can debug any process in a system. /dev/mem gives you access to the kernel
> > memory. Is that wrong?
>
> Did you actually trouble yourself to read the section of the init manual
> page to which you've been repeatedly referred? At securelevel > 0, the
> kernel enforces a set of restrictions specifically designed to prevent any
> user process, even one running as root, from gaining access to the kernel's
> memory; as well as preventing writing raw disks, changing file flags,
> remounting filesystems, etc. In other words, you're just plain wrong; the
> kernel specifically prevents access to /dev/mem in order to prevent a rogue
> process with root privileges from making any persistent changes to the
> system.
>
> The issue of access to the memory space of other user processes is largely
> separate from this; you cannot conduct a privilege-elevation attack by using
> root privilege to access another process' memory, because that process
> cannot, by definition, have more privilege than you already do. The sole
> exception is init, WHICH IS WHY WE DO NOT ALLOW PTRACE OF INIT.
> --
> Thor Lancelot Simon tls@rek.tjls.com
> And now he couldn't remember when this passion had flown, leaving him so
> foolish and bewildered and astray: can any man?
> William Styron
>