Date: Tue, 14 Mar 2006 16:13:55 +0000 (UTC) From: John Baldwin <jhb@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/amd64/amd64 machdep.c src/sys/i386/i386 machdep.c src/sys/pc98/pc98 machdep.c Message-ID: <200603141613.k2EGDuj8062205@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
jhb 2006-03-14 16:13:55 UTC FreeBSD src repository Modified files: sys/amd64/amd64 machdep.c sys/i386/i386 machdep.c sys/pc98/pc98 machdep.c Log: Don't allow userland to set hardware watch points on kernel memory at all. Previously, we tried to allow this only for root. However, we were calling suser() on the *target* process rather than the current process. This means that if you can ptrace() a process running as root you can set a hardware watch point in the kernel. In practice I think you probably have to be root in order to pass the p_candebug() checks in ptrace() to attach to a process running as root anyway. Rather than fix the suser(), I just axed the entire idea, as I can't think of any good reason _at all_ for userland to set hardware watch points for KVM. MFC after: 3 days Also thinks hardware watch points on KVM from userland are bad: bde, rwatson Revision Changes Path 1.648 +20 -23 src/sys/amd64/amd64/machdep.c 1.624 +20 -23 src/sys/i386/i386/machdep.c 1.372 +20 -23 src/sys/pc98/pc98/machdep.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200603141613.k2EGDuj8062205>