On Thu, Nov 09, 2006 at 02:32:32PM +0900, YAMAMOTO Takashi wrote:
> > 
> > I didn't touch the machdep kauth requests for the get/set MTRR operations.
> > But I would like to remove the kauth calls entirely, unless someone can
> > explain to me how it's possible to alter the persistent state of the
> > machine by tampering with MTRR entries.  I am aware that it's possible to
> > easily crash the machine, but, of course, root can already do that with
> > reboot()...
> 
> kauth is not dedicated to tcb or securelevel.

Oh, right, of course, these must have been suser checks before, not
securelevel checks.  Duh.

Does the other part of the proposed change look OK to you?  I realize I
will need to update it since the raw i/o requests have moved to device
scope.

Thor