Subject: Re: machdep kauth calls for i386_xxx
To: None <>
From: YAMAMOTO Takashi <>
List: port-amd64
Date: 11/09/2006 14:32:32
> I think the patch below is correct and allows the removal of some
> unnecessary (and somewhat obfuscatory) kauth requests.  Fundamentally,
> access to the i386 iopl must be assumed to be access to raw memory.
> I didn't touch the machdep kauth requests for the get/set MTRR operations.
> But I would like to remove the kauth calls entirely, unless someone can
> explain to me how it's possible to alter the persistent state of the
> machine by tampering with MTRR entries.  I am aware that it's possible to
> easily crash the machine, but, of course, root can already do that with
> reboot()...

kauth is not dedicated to tcb or securelevel.