Re: cpuctl(formely devcpu) patch test request

From: Stanislav Sedov <stas_at_FreeBSD.org>
Date: Mon, 16 Jun 2008 22:27:40 +0400
On Mon, 16 Jun 2008 19:10:17 +0100
"Rui Paulo" <rpaulo_at_FreeBSD.org> mentioned:

> There's no security issue here.
> If the system administrator is concerned about "security" of cpuctl,
> he/she just has to compile-out cpuctl or remove the module from the
> file system.
> 

Well, in this case it would be possible to load that again. Setting
a non-zero securelevel or implementing a specific MAC policy might
be a more correct solution. cpuctl(4) won't allow any MSR operations
if securelevel is above zero.

-- 
Stanislav Sedov
ST4096-RIPE

Received on Mon Jun 16 2008 - 16:27:56 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:32 UTC