cpuctl(formely devcpu) patch test request
Rui Paulo
rpaulo at FreeBSD.org
Mon Jun 16 20:13:14 UTC 2008
On Mon, Jun 16, 2008 at 10:27:40PM +0400, Stanislav Sedov wrote:
> On Mon, 16 Jun 2008 19:10:17 +0100
> "Rui Paulo" <rpaulo at FreeBSD.org> mentioned:
>
> > There's no security issue here.
> > If the system administrator is concerned about "security" of cpuctl,
> > he/she just has to compile-out cpuctl or remove the module from the
> > file system.
> >
>
> Well, in this case it would be possible to load that again. Setting
> a non-zero securelevel or implementing a specific MAC policy might
> be a more correct solution. cpuctl(4) won't allow any MSR operations
> if securelevel is above zero.
Right, so the necessary checks are in place already.
Regards,
--
Rui Paulo
More information about the freebsd-current
mailing list