cpuctl (formerly devcpu) patch test request

Stanislav Sedov stas at FreeBSD.org
Mon Jun 16 16:44:46 UTC 2008


On Sun, 15 Jun 2008 15:26:39 -0400
Coleman Kane <cokane at FreeBSD.org> mentioned:

> I think the anti-foot-shooting measures referred to above were also
> taken into consideration for security reasons. It might be valuable for
> someone to be able to configure this feature to be rdmsr-only, thereby
> limiting potential harm vectors in the event that an attacker is likely
> to crack access to the system for supervisory privileges. This would be
> a legitimate consideration to make, especially so that the module could
> at least provide a sane "safe operating mode" to those that would
> benefit from read-only access.
> 
> So, for example, I would consider most crackers to be skilled enough to
> inject an ioctl call somewhere, even if the primary user of the system
> is not so skilled, but they want to use software written by others that
> makes use of this interface.

On the other hand, providing extra security levels via sysctl looks
slightly overkill to me, as if the attacker would be able to issue
an ioctl call somewhere, it would be easy for him to make a sysctl
call as well. Priv(9) checks and/or securelevels could be used
to limit the usage of this functionality. Furthermore, there're
a lot of other possible ways to execute msr instructions,
including loading your own simple kernel object.

-- 
Stanislav Sedov
ST4096-RIPE


More information about the freebsd-current mailing list