Subject: i386_iopl() violates security model?
To: None <port-i386@NetBSD.ORG>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: port-i386
Date: 02/04/1996 00:37:32
I've asked about this before but I want to try one more time and see if
anyone can think of a reason why not.

Is it just me, or does allowing user processes to frob the I/O permission
level -- via either i386_iopl() or the pcvt KDENABIO ioctl -- do a really
nice job of negating the 4.4 security model, with its protections on
/dev/mem, etc.?

So I frobbed my kernel at home to DTRT and check securelevel, but...

...of course, fixing this causes XFree86 to fail.  Perhaps this should be
disabled, however, at security level 2?  Does anyone see a reasonable way
to fix this and provide an interface for XFree86 to do what it currently
does via the I/O ports?  In that case, it seems to me, at securelevel > 0
i386_iopl and KDENABIO ought to be completely disabled.

Thor