cpuctl(formely devcpu) patch test request

Coleman Kane cokane at cokane.org
Fri Jun 6 13:41:19 UTC 2008


On Fri, 2008-06-06 at 02:55 +0400, Stanislav Sedov wrote:
> On Thu, 05 Jun 2008 22:12:29 +0000
> "Poul-Henning Kamp" <phk at phk.freebsd.dk> mentioned:
> 
> > In message <20080606020927.8d6675e1.stas at FreeBSD.org>, Stanislav Sedov writes:
> > 
> > >The updated patch is available at
> > >http://www.springdaemons.com/stas/cpuctl.2.diff
> > 
> > Have we fully thought though the potential for halt&catch_fire ?
> > 
> > Would it make sense to have a more granular security model than 
> > the simple device-node access based "are you root?" test ?
> 
> There's a check that prevents playing with cpuctl if
> securelevel is greater than 0. And if it's 0 you can always
> execute any code you want in kernel mode.
> 
> Or you're talking about something different?
> 

What about using the API in priv(9) or similar, such as is done in the
mlock(2)/munlock(2) code in sys/vm/vm_mmap.c ?

-- 
Coleman Kane



More information about the freebsd-current mailing list