Sure.
There may be some man page locations missing, from a grep:
man2/sysctl.2:.It Dv KERN_ALLOWKMEM Pq Va kern.allowkmem
man3/sysctl.3:.It Dv KERN_ALLOWKMEM Pq Va kern.allowkmem
man7/securelevel.7:.Va kern.allowkmem ,
Martin Pieuchot wrote:
> On 22/01/20(Wed) 14:56, Theo de Raadt wrote:
> >
On Thu, 23 Jan 2020 10:03:08 +0100, Martin Pieuchot wrote:
> Sure! Diff below does that, ok?
Looks good. OK millert@
- todd
On 22/01/20(Wed) 14:56, Theo de Raadt wrote:
> Todd C. Miller wrote:
>
> > On Wed, 22 Jan 2020 15:12:25 +0100, Martin Pieuchot wrote:
> >
> > > dt(4) is a debugging interface that allows userland to read kernel
> > > addresses. So its access should be restricted by default, just like
> > >
Todd C. Miller wrote:
> On Wed, 22 Jan 2020 15:12:25 +0100, Martin Pieuchot wrote:
>
> > dt(4) is a debugging interface that allows userland to read kernel
> > addresses. So its access should be restricted by default, just like
> > mem(4).
> >
> > Diff prevent opening the pseudo-device unless
On Wed, 22 Jan 2020 15:12:25 +0100, Martin Pieuchot wrote:
> dt(4) is a debugging interface that allows userland to read kernel
> addresses. So its access should be restricted by default, just like
> mem(4).
>
> Diff prevent opening the pseudo-device unless `allowkmem' is set.
Does it really
dt(4) is a debugging interface that allows userland to read kernel
addresses. So its access should be restricted by default, just like
mem(4).
Diff prevent opening the pseudo-device unless `allowkmem' is set.
ok?
Index: sys/dev/dt/dt_dev.c