Hi,
Nan Xiao wrote on Tue, Sep 12, 2017 at 08:58:25AM +0800:
> I want to run dmidecode (https://github.com/mirror/dmidecode)
> on OpenBSD 6.1, but executing it will report following errors:
>
> # ./dmidecode
> # dmidecode 3.1
> Scanning /dev/mem for entry point.
> /dev/mem: Operation not permitted
>
> After single-step debugging, I find the error is from open /dev/mem:
>
> if ((fd = open(filename, O_RDONLY)) == -1)
> {
> if (errno != ENOENT)
> perror(filename);
> return NULL;
> }
>
> I execute program as a root, and the attributes of `/dev/mem`:
>
> # ls -lt /dev/mem
> crw-r----- 1 root kmem 2, 0 Aug 25 18:38 /dev/mem
>
> So it should open successfully.
> Could anyone give some clues of this issue?
Thanks for reporting. I just fixed the documentation.
It now reads as follows:
schwarze@isnote $ man 4 mem | grep -A2 Even
Even with sufficient file system permissions, these devices can
only be opened when the securelevel(7) is insecure or when the
kern.allowkmem sysctl(3) variable is set.
schwarze@isnote $ man securelevel | col -b | grep -A3 'Secure '
1 Secure mode
- default mode when system is multi-user
- securelevel may no longer be lowered except by init
- /dev/mem and /dev/kmem cannot be opened
Yes, if you really want to use /dev/mem, you have to allow that
during boot, as it makes the system insecure. So if you have already
booted, you have to reboot to put the system in such an insecure
mode of operation. But do *NOT* do that on any kind of production
system, only do that on a system exclusively used for experimentation
and debugging. Enabling this is intentionally hard to discourage
using it.
Also, even if you get this to work now, don't hold your breath that
we will continue supporting it in the future. It seems likely to me
that even more restrictions may be placed on /dev/mem in the future,
and you should not expect that dmidecode will continue to work.
Yours,
Ingo
----- Forwarded message from Ingo Schwarze <schwarze@openbsd.org> -----
From: Ingo Schwarze <schwarze@openbsd.org>
Date: Mon, 11 Sep 2017 20:22:16 -0600 (MDT)
To: source-changes@openbsd.org
Subject: CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: schwarze@cvs.openbsd.org 2017/09/11 20:22:16
Modified files:
lib/libc/gen : sysctl.3
share/man/man7 : securelevel.7
share/man/man4/man4.alpha: mem.4
share/man/man4/man4.amd64: mem.4
share/man/man4/man4.hppa: mem.4
share/man/man4/man4.i386: mem.4
share/man/man4/man4.landisk: mem.4
share/man/man4/man4.loongson: mem.4
share/man/man4/man4.luna88k: mem.4
share/man/man4/man4.macppc: mem.4
share/man/man4/man4.socppc: mem.4
share/man/man4/man4.sparc64: mem.4
Log message:
Update the documentation regarding /dev/mem and /dev/kmem;
Theo already clamped down on these devices last year.
Triggered by a question from Nan Xiao <xiaonan830818 at gmail dot com>.
OK deraadt@
----- End forwarded message -----
No comments:
Post a Comment