Subject: Re: machdep kauth calls for i386_xxx
To: None <tls@rek.tjls.com>
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
List: port-amd64
Date: 11/09/2006 14:32:32
> I think the patch below is correct and allows the removal of some
> unnecessary (and somewhat obfuscatory) kauth requests. Fundamentally,
> access to the i386 iopl must be assumed to be access to raw memory.
>
> I didn't touch the machdep kauth requests for the get/set MTRR operations.
> But I would like to remove the kauth calls entirely, unless someone can
> explain to me how it's possible to alter the persistent state of the
> machine by tampering with MTRR entries. I am aware that it's possible to
> easily crash the machine, but, of course, root can already do that with
> reboot()...
kauth is not dedicated to tcb or securelevel.
YAMAMOTO Takashi