Subject: Re: kern/35821: /dev/mem is not readable any more
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Martin Husemann <martin@duskware.de>
List: netbsd-bugs
Date: 02/25/2007 17:20:02
The following reply was made to PR kern/35821; it has been noted by GNATS.
From: Martin Husemann <martin@duskware.de>
To: Elad Efrat <elad@bsd.org.il>
Cc: gnats-bugs@NetBSD.org, yamt@NetBSD.org
Subject: Re: kern/35821: /dev/mem is not readable any more
Date: Sun, 25 Feb 2007 18:18:51 +0100
On Sun, Feb 25, 2007 at 06:28:06PM +0200, Elad Efrat wrote:
> the problem is that the unmanaged memory access policy was different on
> several architectures. since nobody voiced in when the discussions took
> place, the decision was to go by the i386 policy on all archs and
> restrict access to unmanaged memory to securelevel <= 0. (this is
> documented in secmodel_bsd44(9) btw, under securelevel implications)
Yes, I remember that discussion and was not aware that this would
affect things like bios dumping.
I do not want to restart the whole discussion, but for the concrete case
at hand:
> - default-defer in the unified kauth machdep listener at least for
> KAUTH_MACHDEP_UNMANAGEDMEM
> - write per-architecture exclusions, like the one you note above
The former is just a cleaner method to implement the latter?
If this all is considered the "right" and intended behaviour,
I'm also fine with adding proper error handling to acpidump (which should
be done anyway), and improving the relevant documentation ({p}read(2), maybe
secmodel_bsd44(9)).
Martin