tech-kern archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: secmodel_securelevel(9) and machdep.svs.enabled
Maxime Villard wrote:
> Yes, it's fine. I've never taken care of securelevel, but your change
> can't be incorrect. Perhaps I would use just KAUTH_MACHDEP_SVS instead
> of KAUTH_MACHDEP_SVS_DISABLE, in case another operation gets added in
> the future, but that doesn't matter.
I don't think securelevel should care about details of SVS. If you
want to introduce levels of SVS, KAUTH_MACHDEP_SVS_DISABLE can still
be used to prevent lowering (instead of disabling SVS completely).
Perhaps the name can be changed to KAUTH_MACHDEP_SVS_DEGRADE or
something similar but it's not that important.
Thinking a bit more about this, I don't think my patch will prevent
data leakage from the kernel because /dev/mem and /dev/kmem are
readable at all securelevels. It can only prevent leakage in some
situations. For example, when root is compromised inside chroot
and chroot directory is on a file system mounted with nodev.
--
Alex
Home |
Main Index |
Thread Index |
Old Index