Date: Tue, 14 Mar 2006 16:13:55 +0000 (UTC) From: John Baldwin <jhb@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/amd64/amd64 machdep.c src/sys/i386/i386 machdep.c src/sys/pc98/pc98 machdep.c Message-ID: <200603141613.k2EGDuj8062205@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
jhb 2006-03-14 16:13:55 UTC
FreeBSD src repository
Modified files:
sys/amd64/amd64 machdep.c
sys/i386/i386 machdep.c
sys/pc98/pc98 machdep.c
Log:
Don't allow userland to set hardware watch points on kernel memory at all.
Previously, we tried to allow this only for root. However, we were calling
suser() on the *target* process rather than the current process. This
means that if you can ptrace() a process running as root you can set a
hardware watch point in the kernel. In practice I think you probably have
to be root in order to pass the p_candebug() checks in ptrace() to attach
to a process running as root anyway. Rather than fix the suser(), I just
axed the entire idea, as I can't think of any good reason _at all_ for
userland to set hardware watch points for KVM.
MFC after: 3 days
Also thinks hardware watch points on KVM from userland are bad: bde, rwatson
Revision Changes Path
1.648 +20 -23 src/sys/amd64/amd64/machdep.c
1.624 +20 -23 src/sys/i386/i386/machdep.c
1.372 +20 -23 src/sys/pc98/pc98/machdep.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200603141613.k2EGDuj8062205>