Securelevels
Ivaylo Mateev
mateev at cns-consulting.org
Sun Jun 29 01:14:35 UTC 2008
Hi,
I think I found a bug.
[strato at darkstar /usr/home/strato]$ sudo sysctl kern.securelevel
kern.securelevel: 2
[strato at darkstar /usr/home/strato]$ kgdb
kgdb: /dev/mem: Permission denied
[strato at darkstar /usr/home/strato]$ sudo kgdb
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so:
Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
I am running in securelevel 2. That means nothing can have direct access
to /dev/mem, according to man security:
    1     Secure mode - the system immutable and system append-only flags may
          not be turned off; disks for mounted file systems, /dev/mem and
          /dev/kmem may not be opened for writing; /dev/io (if your platform
          has it) may not be opened at all; kernel modules (see kld(4)) may
          not be loaded or unloaded.
    2     Highly secure mode - same as secure mode, plus disks may not be
          opened for writing (except by mount(2)) whether mounted or not.
          This level precludes tampering with file systems by unmounting
          them, but also inhibits running newfs(8) while the system is multi-
          user.
So is this a bug, or am I just too stupid?