Subject: machdep kauth calls for i386_xxx
To: None <tech-security@netbsd.org, port-i386@netbsd.org,>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-security
Date: 11/08/2006 23:30:54
I think the patch below is correct and allows the removal of some
unnecessary (and somewhat obfuscatory) kauth requests. Fundamentally,
access to the i386 iopl must be assumed to be access to raw memory.
I didn't touch the machdep kauth requests for the get/set MTRR operations.
But I would like to remove the kauth calls entirely, unless someone can
explain to me how it's possible to alter the persistent state of the
machine by tampering with MTRR entries. I am aware that it's possible to
easily crash the machine, but, of course, root can already do that with
reboot()...
--
Thor Lancelot Simon tls@rek.tjls.com
"We cannot usually in social life pursue a single value or a single moral
aim, untroubled by the need to compromise with others." - H.L.A. Hart