On Tue, Jan 17, 2023 at 04:23:48PM -0500, Bryan Steele wrote:
> On Tue, Jan 17, 2023 at 09:37:24PM +0100, Jan Klemkow wrote:
> > Hi,
> >
> > This diff adjusts the manpage of mem(4) to be more accurate. You can
> > open(2) mem(4) at securelevel 1 read-only, but not for writing.
> >
> > kern/spec_vnops.c:
> >
> > if (ap->a_cred != FSCRED && (ap->a_mode & FWRITE)) {
> > ...
> > /*
> > * When running in secure mode, do not allow opens
> > * for writing of /dev/mem, /dev/kmem, or character
> > * devices whose corresponding block devices are
> > * currently mounted.
> > */
> > if (securelevel >= 1) {
> > ...
> > if (iskmemdev(dev))
> > return (EPERM);
> > }
> > }
> >
> > OK?
> >
> > bye,
> > Jan
>
> Are you sure about that? Have you tested it?
>
> https://github.com/openbsd/src/commit/19aedf236181e81baf170421900911c82671fae4
at least this tool works for me:
#include <err.h>
#include <fcntl.h>
#include <limits.h>
#include <paths.h>
#include <stdio.h>
#include <stdlib.h>
#include <kvm.h>
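/*
 * Probe whether a kernel variable can be read and then written through
 * libkvm.  The descriptor is requested with O_RDWR, the int stored at the
 * kernel symbol _ix_debug_ioctl is read and printed, and then 1 is written
 * to the same address.
 *
 * The write is not undone: the previous value is only printed, so it has
 * to be restored by hand if the change is unwanted.
 *
 * NOTE(review): every failure after kvm_open() exits with EXIT_SUCCESS, as
 * in the original post.  A script driving this probe therefore cannot tell
 * "write refused" from "write succeeded" by exit status alone; it has to
 * look at stderr.  Confirm whether that is intended.
 */
int
main(void)
{
	struct nlist nl[] = {
		{"_ix_debug_ioctl"},
		{NULL}
	};
	char errbuf[_POSIX2_LINE_MAX];
	kvm_t *kd;
	int mem;
	int unresolved;

	kd = kvm_open(_PATH_KSYMS, NULL, NULL, O_RDWR, errbuf);
	if (kd == NULL)
		errx(EXIT_FAILURE, "%s", errbuf);

	/*
	 * kvm_nlist() returns -1 on error and otherwise the number of
	 * entries it could not resolve.  An unresolved entry leaves
	 * n_value at 0, so carrying on would read and write kernel
	 * address 0 instead of the intended variable.
	 */
	unresolved = kvm_nlist(kd, nl);
	if (unresolved == -1)
		errx(EXIT_SUCCESS, "%s", kvm_geterr(kd));
	if (unresolved != 0)
		errx(EXIT_SUCCESS, "_ix_debug_ioctl: symbol not resolved");

	if (kvm_read(kd, nl[0].n_value, &mem, sizeof mem) != sizeof(mem))
		errx(EXIT_SUCCESS, "%s", kvm_geterr(kd));

	/* Show the value found before it is overwritten. */
	printf("mem: %d\n", mem);

	/* This is the step the securelevel check is expected to govern. */
	mem = 1;
	if (kvm_write(kd, nl[0].n_value, &mem, sizeof mem) != sizeof(mem))
		errx(EXIT_SUCCESS, "%s", kvm_geterr(kd));

	if (kvm_close(kd) == -1)
		err(EXIT_FAILURE, "kvm_close");

	return EXIT_SUCCESS;
}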