cpuctl(formely devcpu) patch test request
Stanislav Sedov
stas at FreeBSD.org
Mon Jun 16 18:27:56 UTC 2008
On Mon, 16 Jun 2008 19:10:17 +0100
"Rui Paulo" <rpaulo at FreeBSD.org> mentioned:
> There's no security issue here.
> If the system administrator is concerned about "security" of cpuctl,
> he/she just has to compile-out cpuctl or remove the module from the
> file system.
>
Well, in this case it would be possible to load that again. Setting
a non-zero securelevel or implementing a specific MAC policy might
be a more correct solution. cpuctl(4) won't allow any MSR operations
if securelevel is above zero.
--
Stanislav Sedov
ST4096-RIPE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20080616/d9e40f21/attachment.pgp
More information about the freebsd-current
mailing list