Todd C. Miller <[email protected]> wrote: > On Wed, 22 Jan 2020 15:12:25 +0100, Martin Pieuchot wrote: > > > dt(4) is a debugging interface that allows userland to read kernel > > addresses. So its access should be restricted by default, just like > > mem(4). > > > > Diff prevent opening the pseudo-device unless `allowkmem' is set. > > Does it really make sense to reuse `allowkmem' for this? This will > mean that in order to use dt(4) you also have to open up mem(4). > I don't think that is desirable.
The things you can learn via dt are a stong inspection window into kmem. I think it's stronger than immediately obvious. > If you want to disable dt(4) by default I think you are better off > using a new sysctl knob. I'm on the fence about it. But it is small, so I think allowdt is better.
