[904] in NetBSD-Development
Re: Maintenance issues
daemon@ATHENA.MIT.EDU (Charles Hannum)
Wed Jul 26 12:24:34 1995
Date: Wed, 26 Jul 1995 12:17:23 -0400
From: Charles Hannum <Charles-Hannum@deshaw.com>
To: mhbraun@MIT.EDU
Cc: ghudson@MIT.EDU, pc-dialup@MIT.EDU, bug-dialup@MIT.EDU
In-Reply-To: <199507261332.JAA27345@medic.MIT.EDU> (message from Matt Braun on Wed, 26 Jul 1995 09:32:57 EDT)
>> Given Matt's desire for security over operational convenience, we
>> should probably run at securelevel 2 (this will require bringing the
>> system down single-user to newfs a partition). The only problem I
>> know of with securelelel 2 is that root can open /dev/mem read-write
>> and get I/O privileges (this is how the X server works).
Actually, now that I think about it, that won't work. One of the
things that security level 1 does is turn off write access to /dev/mem
and /dev/kmem. There's still /dev/io, but iskmemdev() should have
been changed to check for that long ago anyway.
