Date: Mon, 16 Jun 2008 21:12:48 +0100 From: Rui Paulo <rpaulo@FreeBSD.org> To: Stanislav Sedov <stas@FreeBSD.org> Cc: Peter Jeremy <peterjeremy@optushome.com.au>, Poul-Henning Kamp <phk@phk.freebsd.dk>, kib@freebsd.org, current@freebsd.org, Coleman Kane <cokane@freebsd.org> Subject: Re: cpuctl(formely devcpu) patch test request Message-ID: <20080616201248.GA5703@epsilon.local> In-Reply-To: <20080616222740.5cdd9490.stas@FreeBSD.org> References: <20080606020927.8d6675e1.stas@FreeBSD.org> <10261.1212703949@critter.freebsd.dk> <20080606025533.8322ee08.stas@FreeBSD.org> <1212758604.1904.33.camel@localhost> <20080615230250.7f3efae4.stas@FreeBSD.org> <1213557999.1816.15.camel@localhost> <20080616204433.48ad9879.stas@FreeBSD.org> <e1309ba60806161110x5f774fcdic2f5c7b2e7bcb83e@mail.gmail.com> <20080616222740.5cdd9490.stas@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jun 16, 2008 at 10:27:40PM +0400, Stanislav Sedov wrote: > On Mon, 16 Jun 2008 19:10:17 +0100 > "Rui Paulo" <rpaulo@FreeBSD.org> mentioned: > > > There's no security issue here. > > If the system administrator is concerned about "security" of cpuctl, > > he/she just has to compile-out cpuctl or remove the module from the > > file system. > > > > Well, in this case it would be possible to load that again. Setting > a non-zero securelevel or implementing a specific MAC policy might > be a more correct solution. cpuctl(4) won't allow any MSR operations > if securelevel is above zero. Right, so the necessary checks are in place already. Regards, -- Rui Paulo
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080616201248.GA5703>