cvs commit: src/sys/amd64/amd64 machdep.c src/sys/i386/i386
machdep.c src/sys/pc98/pc98 machdep.c
John Baldwin
jhb at FreeBSD.org
Tue Mar 14 16:13:56 UTC 2006
jhb 2006-03-14 16:13:55 UTC
FreeBSD src repository
Modified files:
sys/amd64/amd64 machdep.c
sys/i386/i386 machdep.c
sys/pc98/pc98 machdep.c
Log:
Don't allow userland to set hardware watch points on kernel memory at all.
Previously, we tried to allow this only for root. However, we were calling
suser() on the *target* process rather than the current process. This
means that if you can ptrace() a process running as root you can set a
hardware watch point in the kernel. In practice I think you probably have
to be root in order to pass the p_candebug() checks in ptrace() to attach
to a process running as root anyway. Rather than fix the suser(), I just
axed the entire idea, as I can't think of any good reason _at all_ for
userland to set hardware watch points for KVM.
MFC after: 3 days
Also thinks hardware watch points on KVM from userland are bad: bde, rwatson
Revision Changes Path
1.648 +20 -23 src/sys/amd64/amd64/machdep.c
1.624 +20 -23 src/sys/i386/i386/machdep.c
1.372 +20 -23 src/sys/pc98/pc98/machdep.c
More information about the cvs-all
mailing list