| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20091112021209.GA21625@khazad-dum.debian.net> Date: Thu, 12 Nov 2009 00:12:09 -0200 From: Henrique de Moraes Holschuh <hmh@....eng.br> To: Robert Hancock <hancockrwd@...il.com> Cc: "Anton D. Kachalov" <mouse@...c.ru>, linux-kernel@...r.kernel.org Subject: Re: Reading /dev/mem by dd On Wed, 11 Nov 2009, Robert Hancock wrote: > I don't think that we prevent any access to device registers in > /dev/mem - if you read something that has side effects and something > breaks, well I guess you get to keep both pieces :-) There's a > reason it's root-only.. We should. Imaging /dev/mem is one of the oldest tricks in the book of the forensics people, they do it to live systems to help track down WTF happened to a compromised host. This kind of crap bites them hard. IMO: if you're going to provide /dev/mem, make it as safe as possible. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists