Date: Fri, 7 Nov 1997 09:27:22 -0500 (EST)
From: "David E. Cross" <dec@phoenix.its.rpi.edu>
To: Christoph Kukulies <kuku@gilberto.physik.RWTH-Aachen.DE>
Cc: freebsd-hackers@freefall.FreeBSD.org
Subject: Re: root - can root do an asm("cli")?
Message-ID: <Pine.BSF.3.96.971107092329.7861A-100000@phoenix.its.rpi.edu>
In-Reply-To: <199711070955.KAA27835@gil.physik.rwth-aachen.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 7 Nov 1997, Christoph Kukulies wrote:
>
> Is there a difference between what the kernel can do vs. what
> a root process can do with regard to priviliged instructions?
>
> In particular: can a root process do an asm("cli"); and thus
> block the whole system? I tried once under FreeBSD
> and got a bus error. May be the cause was a differnet one but
> when I got that bus error I thought: "Hmm, fine, so there
> is something running at a different ring which prevents root
> from doing such malign things" and was feeling safe.
>
> Now someone tells me, root can do everything and can even do
> that.
No, root cannot do 'everything'. 'root' is subject to the same rules that
other processes are (it cannot access outside its memory bounds, it cannot
take the processor, etc...). The difference is that 'root', (uid 0
actually), has access to certain Kernel calls (even the Kernel is bound to
the memory protection, although the kernel can change the protection as it
needs to), which allow it to do more, ie. root cannot access memory it
doesn't own, but it has access to /dev/mem and /dev/kmem, which means it
*could* access it indirectly.
I hope that helps some.
--
David Cross
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.971107092329.7861A-100000>