| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20081116160905.17e867da@lxorguk.ukuu.org.uk> Date: Sun, 16 Nov 2008 16:09:05 +0000 From: Alan Cox <alan@...rguk.ukuu.org.uk> To: Arjan van de Ven <arjan@...radead.org> Cc: Bernhard Walle <bwalle@...e.de>, x86@...nel.org, linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org, crash-utility@...hat.com Subject: Re: Turn CONFIG_STRICT_DEVMEM in sysctl dev.mem.restricted > because it can load kernel modules? > or because it can bypass the iommu? It has iopl, firmware loading, ioperm, raw disk I/O, mknod, module loading etc etc.. > the point of the /dev/mem restrictions is to not allow things you know > you don't need, while still allowing X to function where it can access > the crap it does. Now in Bernhard's case he DOES need them, so he > shouldn't use the restrictions. I know what the point is, but it doesn't actually implement any meaningful restriction to achieve that result, so it is worthless junk. > > There are proper ways to deal with X, modern video cards and modern > > security models. They involve using framebuffer mappings off the PCI > > device node itself and DRI. > > > when X has this for all hw that matters /dev/mem could go away for the > people who then no longer have any need for it. Why should it go away ? It's a matter of file permissions and security rules as to who can access it. Trying to make it go away is just more fake-security crap. Alan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists