| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 16 Nov 2008 10:30:05 +0100 From: Bernhard Walle <bwalle@...e.de> To: Arjan van de Ven <arjan@...radead.org> Cc: x86@...nel.org, linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org Subject: Re: [PATCH 2/2] Add dev.mem.restricted sysctl * Arjan van de Ven [2008-11-15 19:49]: > > On Sun, 16 Nov 2008 01:03:43 +0100 > Bernhard Walle <bwalle@...e.de> wrote: > > > When CONFIG_STRICT_DEVMEM is set, live debugging is not possible with > > the crash utility (see http://people.redhat.com/~anderson). For > > distributors who ship a generic kernel it's difficult: Disabling > > CONFIG_STRICT_DEVMEM is possible, but in general the protection > > provided by CONFIG_STRICT_DEVMEM is useful. However, live debugging > > should be still neceessary. > > > > This patch now adds a dev.mem.restricted sysctl that defaults to 0 > > (off). When set to 1 (on), /dev/mem access is unrestricted and crash > > can be used. > > sounds like a really bad idea to me. > If you want to use /dev/mem like this, don't enable the config option > to restrict it. Really. So, what's that restriction really for? Maybe it would make sense to remove that CONFIG option entirely and turn it into the systl? Just an idea. Regards, Bernhard -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists