Re: cpuctl(formely devcpu) patch test request

From: Rui Paulo <rpaulo_at_FreeBSD.org>
Date: Mon, 16 Jun 2008 21:12:48 +0100
On Mon, Jun 16, 2008 at 10:27:40PM +0400, Stanislav Sedov wrote:
> On Mon, 16 Jun 2008 19:10:17 +0100
> "Rui Paulo" <rpaulo_at_FreeBSD.org> mentioned:
> 
> > There's no security issue here.
> > If the system administrator is concerned about "security" of cpuctl,
> > he/she just has to compile-out cpuctl or remove the module from the
> > file system.
> > 
> 
> Well, in this case it would be possible to load that again. Setting
> a non-zero securelevel or implementing a specific MAC policy might
> be a more correct solution. cpuctl(4) won't allow any MSR operations
> if securelevel is above zero.

Right, so the necessary checks are in place already.

Regards,
-- 
Rui Paulo
Received on Mon Jun 16 2008 - 18:13:14 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:32 UTC