Subject: Re: machdep kauth calls for i386_xxx
To: None <firstname.lastname@example.org>
From: YAMAMOTO Takashi <email@example.com>
Date: 11/09/2006 14:32:32
> I think the patch below is correct and allows the removal of some
> unnecessary (and somewhat obfuscatory) kauth requests. Fundamentally,
> access to the i386 iopl must be assumed to be access to raw memory.
> I didn't touch the machdep kauth requests for the get/set MTRR operations.
> But I would like to remove the kauth calls entirely, unless someone can
> explain to me how it's possible to alter the persistent state of the
> machine by tampering with MTRR entries. I am aware that it's possible to
> easily crash the machine, but, of course, root can already do that with
kauth is not dedicated to tcb or securelevel.