Hi, Nan Xiao wrote on Tue, Sep 12, 2017 at 08:58:25AM +0800:
> I want to run dmidecode (https://github.com/mirror/dmidecode) > on OpenBSD 6.1, but executing it will report following errors: > > # ./dmidecode > # dmidecode 3.1 > Scanning /dev/mem for entry point. > /dev/mem: Operation not permitted > > After single-step debugging, I find the error is from open /dev/mem: > > if ((fd = open(filename, O_RDONLY)) == -1) > { > if (errno != ENOENT) > perror(filename); > return NULL; > } > > I execute program as a root, and the attributes of `/dev/mem`: > > # ls -lt /dev/mem > crw-r----- 1 root kmem 2, 0 Aug 25 18:38 /dev/mem > > So it should open successfully. > Could anyone give some clues of this issue? Thanks for reporting. I just fixed the documentation. It now reads as follows: schwarze@isnote $ man 4 mem | grep -A2 Even Even with sufficient file system permissions, these devices can only be opened when the securelevel(7) is insecure or when the kern.allowkmem sysctl(3) variable is set. schwarze@isnote $ man securelevel | col -b | grep -A3 'Secure ' 1 Secure mode - default mode when system is multi-user - securelevel may no longer be lowered except by init - /dev/mem and /dev/kmem cannot be opened Yes, if you really want to use /dev/mem, you have to allow that during boot, as it makes the system insecure. So if you have already booted, you have to reboot to put the system in such an insecure mode of operation. But do *NOT* do that on any kind of production system, only do that on a system exclusively used for experimentation and debugging. Enabling this is intentionally hard to discourage using it. Also, even if you get this to work now, don't hold your breath that we will continue supporting it in the future. It seems likely to me that even more restrictions may be placed on /dev/mem in the future, and you should not expect that dmidecode will continue to work. Yours, Ingo ----- Forwarded message from Ingo Schwarze <[email protected]> ----- From: Ingo Schwarze <[email protected]> Date: Mon, 11 Sep 2017 20:22:16 -0600 (MDT) To: [email protected] Subject: CVS: cvs.openbsd.org: src CVSROOT: /cvs Module name: src Changes by: [email protected] 2017/09/11 20:22:16 Modified files: lib/libc/gen : sysctl.3 share/man/man7 : securelevel.7 share/man/man4/man4.alpha: mem.4 share/man/man4/man4.amd64: mem.4 share/man/man4/man4.hppa: mem.4 share/man/man4/man4.i386: mem.4 share/man/man4/man4.landisk: mem.4 share/man/man4/man4.loongson: mem.4 share/man/man4/man4.luna88k: mem.4 share/man/man4/man4.macppc: mem.4 share/man/man4/man4.socppc: mem.4 share/man/man4/man4.sparc64: mem.4 Log message: Update the documentation regarding /dev/mem and /dev/kmem; Theo already clamped down on these devices last year. Triggered by a question from Nan Xiao <xiaonan830818 at gmail dot com>. OK deraadt@ ----- End forwarded message -----
