From: Coleman Kane
To: Stanislav Sedov
Cc: Rui Paulo, Poul-Henning Kamp, kib@FreeBSD.org, current@FreeBSD.org
Subject: Re: cpuctl(formely devcpu) patch test request
Date: Fri, 06 Jun 2008 09:23:24 -0400
List-Id: Discussions about the use of FreeBSD-current

On Fri, 2008-06-06 at 02:55 +0400, Stanislav Sedov wrote:
> On Thu, 05 Jun 2008 22:12:29 +0000
> "Poul-Henning Kamp" mentioned:
>
> > In message <20080606020927.8d6675e1.stas@FreeBSD.org>, Stanislav Sedov writes:
> >
> > >The updated patch is available at
> > >http://www.springdaemons.com/stas/cpuctl.2.diff
> >
> > Have we fully thought through the potential for halt&catch_fire ?
> >
> > Would it make sense to have a more granular security model than
> > the simple device-node access based "are you root?" test ?
>
> There's a check that prevents playing with cpuctl if
> securelevel is greater than 0. And if it's 0 you can always
> execute any code you want in kernel mode.
>
> Or you're talking about something different?
>

What about using the API in priv(9) or similar, such as is done in the
mlock(2)/munlock(2) code in sys/vm/vm_mmap.c ?

--
Coleman Kane