Date: Fri, 7 Nov 1997 21:16:36 +0100
From: j@uriah.heep.sax.de (J Wunsch)
To: freebsd-hackers@freefall.FreeBSD.org
Subject: Re: root - can root do an asm("cli")?
Message-ID: <19971107211636.RD30963@uriah.heep.sax.de>
In-Reply-To: <199711070955.KAA27835@gil.physik.rwth-aachen.de>; from Christoph Kukulies on Nov 7, 1997 10:55:19 %2B0100
References: <199711070955.KAA27835@gil.physik.rwth-aachen.de>
next in thread | previous in thread | raw e-mail | index | archive | help
As Christoph Kukulies wrote:
> Is there a difference between what the kernel can do vs. what
> a root process can do with regard to priviliged instructions?
Sure.
> In particular: can a root process do an asm("cli"); and thus
> block the whole system?
Only by opening /dev/io.
> Now someone tells me, root can do everything and can even do
> that.
Root always can do everything, by one or the other method. If you
leave out the /dev/io security hole, well, write an LKM and load it,
and voila!, it'll be part of the kernel.
Things are different in FreeBSD iff securelevel > 0.
--
cheers, J"org
joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19971107211636.RD30963>