On Thu, 19 Apr 2018, Alexander Nasonov wrote:
> When securelevel is set, should we lock the 1->0 change for machdep.svs.enabled (and possibly for other sysctls related to recent security mitigations)?

Possibly. At the very least, we should prevent _disabling_ the svs code if securelevel is set. IMHO.

+------------------+--------------------------+----------------------------+
| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:          |
| (Retired)        | FA29 0E3B 35AF E8AE 6651 | paul at whooppee dot com   |
| Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd dot org |
+------------------+--------------------------+----------------------------+
