From: utzoo!decvax!harpo!seismo!hao!hplabs!sri-unix!ron@Brl
Newsgroups: net.unix-wizards
Title: Re:  protecting kmem because someone felt obnoxious.
Article-I.D.: sri-unix.4959
Posted: Tue Dec 28 23:52:06 1982
Received: Thu Dec 30 04:46:42 1982

From:     Ron Natalie <ron@Brl>
Date:     22 Dec 82 6:28:56-EST (Wed)
Panic about security...certainly not.  You might as well get
rid of inode access bits too, if you care about PRIVACY at all.  There
is a lot of user sensitive data floating around in there (not nearly
as bad now that buffers are usually out of kernel space, but people
who have kmem readable probably have the disk devices and /dev/mem
readable also).  We've had kmem, mem, and the disk devices protected
for years, and have never suffered any serious problems.  Programs
who really want to know (ps, mount, etc...) run setuid to root with
appropriate restrictions.


Due to the large amount of disk and system reconfiguration here, we wanted
to make all system utilities independant of knowing about the namelist on
/unix (it may be out of date because we do not necessarily boot the disk
that the running root is on) and due to the kmem protection we have another
minor device code on mem that is a generally readable structure of important
user informaton such as the revision number, number of procs, major/minor
device code of swapdev, plus the metering information...This allows users
to get kernel entries in a user mode process without the ramifications of
leaving kmem readable.

Also note that indescriminate reading of kmem can screw up stuff if
the user lets loose on the IO page by mistake.

-Ron