Date: Fri, 7 Nov 1997 21:16:36 +0100 From: j@uriah.heep.sax.de (J Wunsch) To: freebsd-hackers@freefall.FreeBSD.org Subject: Re: root - can root do an asm("cli")? Message-ID: <19971107211636.RD30963@uriah.heep.sax.de> In-Reply-To: <199711070955.KAA27835@gil.physik.rwth-aachen.de>; from Christoph Kukulies on Nov 7, 1997 10:55:19 %2B0100 References: <199711070955.KAA27835@gil.physik.rwth-aachen.de>
next in thread | previous in thread | raw e-mail | index | archive | help
As Christoph Kukulies wrote: > Is there a difference between what the kernel can do vs. what > a root process can do with regard to priviliged instructions? Sure. > In particular: can a root process do an asm("cli"); and thus > block the whole system? Only by opening /dev/io. > Now someone tells me, root can do everything and can even do > that. Root always can do everything, by one or the other method. If you leave out the /dev/io security hole, well, write an LKM and load it, and voila!, it'll be part of the kernel. Things are different in FreeBSD iff securelevel > 0. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19971107211636.RD30963>