On 21/10/16 16:54, Stuart Henderson wrote:
> On 2016-10-21, Kapetanakis Giannis <[email protected]> wrote:
>>
>> where stu@ said:
>> "Kernel virtual memory access is no longer permitted by the kernel on a
>> normally running system. The relevant parts of net-snmp will need to be
>> disabled or rewritten"
>
> sthen@ != stu@
Sorry for that. Saw the uid on your domain and thought it was the same :)
>> Any way to get through that and read DMI entries?
>
> There is a sysctl kern.allowkmem:
>
> KERN_ALLOWKMEM
> Allow userland processes access to /dev/kmem. When running with a
> securelevel(7) greater than 0, this variable may not be changed.
Thanks for the hint.
Just for the records, since I didn't want to set it permanently I did this in
/etc/rc.securelevel
if [[ -x /usr/local/sbin/dmidecode ]]; then
/usr/local/sbin/dmidecode > /var/run/dmidecode.boot
fi
G
ps. Maybe this applies?
Index: securelevel.7
===================================================================
RCS file: /cvs/src/share/man/man7/securelevel.7,v
retrieving revision 1.29
diff -u -p -r1.29 securelevel.7
--- securelevel.7 28 Sep 2016 17:58:17 -0000 1.29
+++ securelevel.7 21 Oct 2016 15:22:49 -0000
@@ -66,7 +66,7 @@ securelevel may no longer be lowered exc
.Pa /dev/mem
and
.Pa /dev/kmem
-may not be written to
+may not be read or written to
.It
raw disk devices of mounted file systems are read-only
.It
