Re: another kconfig target for building monolithic kernel (for security) ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 2006-04-30 at 14:31 +0200, [email protected] wrote:
> hello !
> 
> "Unfortunately, disabling /dev/mem will break many things, including X and potentially many other user-space programs"
> (-> http://lwn.net/2001/0419/security.php3 )

not if you do it carefully like we did for Fedora...

> 
> "The /dev/mem and /dev/kmem character special files provide access to a pseudo device driver that allows read and write access to system memory or I/O address space. Typically, these special files are used by operating system utilities and commands (such as sar, iostat, and vmstat) to obtain status and statistical information about the system" (ok, this is for AIX, does this apply for linux, too? -> http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.aix.doc/files/aixfiles/mem.htm )


/dev/kmem isn't used by much of anything except debugging, so having
that a config option is reasonable. for /dev/mem it's enough to disable
all access to 'what the kernel sees as RAM' with the lower 1Mb as
exception..

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux