Re: secmodel_securelevel(9) and machdep.svs.enabled

To: Alexander Nasonov <alnsn%yandex.ru@localhost>
Subject: Re: secmodel_securelevel(9) and machdep.svs.enabled
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Thu, 26 Apr 2018 08:03:14 -0400

On Wed, Apr 25, 2018 at 09:43:18PM +0100, Alexander Nasonov wrote:
> 
> Thinking a bit more about this, I don't think my patch will prevent
> data leakage from the kernel because /dev/mem and /dev/kmem are
> readable at all securelevels. It can only prevent leakage in some

If that is true it's a serious regression.  Are you talking about the
pathological case where "options INSECURE" is set?

Thor

References:
- secmodel_securelevel(9) and machdep.svs.enabled
  - From: Alexander Nasonov
- Re: secmodel_securelevel(9) and machdep.svs.enabled
  - From: Alexander Nasonov
- Re: secmodel_securelevel(9) and machdep.svs.enabled
  - From: Alexander Nasonov
- Re: secmodel_securelevel(9) and machdep.svs.enabled
  - From: Maxime Villard
- Re: secmodel_securelevel(9) and machdep.svs.enabled
  - From: Alexander Nasonov

Prev by Date: Re: awge0 and 100mb?
Next by Date: Re: secmodel_securelevel(9) and machdep.svs.enabled
Previous by Thread: Re: secmodel_securelevel(9) and machdep.svs.enabled
Next by Thread: Re: secmodel_securelevel(9) and machdep.svs.enabled
Indexes:

Home | Main Index | Thread Index | Old Index