Maxime Villard wrote:

> Yes, it's fine. I've never taken care of securelevel, but your change
> can't be incorrect. Perhaps I would use just KAUTH_MACHDEP_SVS instead
> of KAUTH_MACHDEP_SVS_DISABLE, in case another operation gets added in
> the future, but that doesn't matter.
I don't think securelevel should care about the details of SVS. If you want to introduce levels of SVS, KAUTH_MACHDEP_SVS_DISABLE can still be used to prevent lowering (instead of disabling SVS completely). Perhaps the name can be changed to KAUTH_MACHDEP_SVS_DEGRADE or something similar, but it's not that important.

Thinking a bit more about this, I don't think my patch will prevent data leakage from the kernel, because /dev/mem and /dev/kmem are readable at all securelevels. It can only prevent leakage in some situations, for example when root is compromised inside a chroot and the chroot directory is on a file system mounted with nodev.

-- 
Alex