From owner-freebsd-current@FreeBSD.ORG Thu Jun 5 22:55:39 2008 Return-Path: Delivered-To: current@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5DE9E1065673; Thu, 5 Jun 2008 22:55:39 +0000 (UTC) (envelope-from stas@ht-systems.ru) Received: from smtp.ht-systems.ru (mr0.ht-systems.ru [78.110.50.55]) by mx1.freebsd.org (Postfix) with ESMTP id 0C7018FC0A; Thu, 5 Jun 2008 22:55:38 +0000 (UTC) (envelope-from stas@ht-systems.ru) Received: from [85.21.245.235] (helo=phonon.ht-systems.ru) by smtp.ht-systems.ru with esmtpa (Exim 4.62) (envelope-from ) id 1K4OMp-0001Al-Tz; Fri, 06 Jun 2008 02:55:35 +0400 Received: by phonon.ht-systems.ru (Postfix, from userid 1001) id 0B8147EDDDE; Fri, 6 Jun 2008 02:55:38 +0400 (MSD) Date: Fri, 6 Jun 2008 02:55:33 +0400 From: Stanislav Sedov To: "Poul-Henning Kamp" Message-Id: <20080606025533.8322ee08.stas@FreeBSD.org> In-Reply-To: <10261.1212703949@critter.freebsd.dk> References: <20080606020927.8d6675e1.stas@FreeBSD.org> <10261.1212703949@critter.freebsd.dk> Organization: The FreeBSD Project X-XMPP: ssedov@jabber.ru X-Voice: +7 916 849 20 23 X-PGP-Fingerprin: F21E D6CC 5626 9609 6CE2 A385 2BF5 5993 EB26 9581 X-Mailer: carrier-pigeon Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="PGP-SHA1"; boundary="Signature=_Fri__6_Jun_2008_02_55_33_+0400_ur4aCJjIA6ZHxiit" Cc: kib@FreeBSD.org, Rui Paulo , current@FreeBSD.org Subject: Re: cpuctl(formely devcpu) patch test request X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jun 2008 22:55:39 -0000 --Signature=_Fri__6_Jun_2008_02_55_33_+0400_ur4aCJjIA6ZHxiit Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, 05 Jun 2008 22:12:29 +0000 "Poul-Henning Kamp" mentioned: > In message <20080606020927.8d6675e1.stas@FreeBSD.org>, Stanislav Sedov wr= ites: >=20 > >The updated patch is available at > >http://www.springdaemons.com/stas/cpuctl.2.diff >=20 > Have we fully thought though the potential for halt&catch_fire ? >=20 > Would it make sense to have a more granular security model than=20 > the simple device-node access based "are you root?" test ? There's a check that prevents playing with cpuctl if securelevel is greater than 0. And if it's 0 you can always execute any code you want in kernel mode. Or you're talking about something different? --=20 Stanislav Sedov ST4096-RIPE --Signature=_Fri__6_Jun_2008_02_55_33_+0400_ur4aCJjIA6ZHxiit Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkhIbuoACgkQK/VZk+smlYEIwACfQAsWXCdxFEHOXSY3Mlt/T6b/ WH8AnA1WO0ifuDzWGqwG82FcOtXh4/Ql =jY3G -----END PGP SIGNATURE----- --Signature=_Fri__6_Jun_2008_02_55_33_+0400_ur4aCJjIA6ZHxiit--