On Thu, Sep 06, 2007 at 01:44:05PM +0530, Satyam Sharma wrote:
> /dev/kmem was just an example -- IMHO differentiating between kernel and
> userspace from a security p.o.v. is always tricky.
The things that come to mind are /dev/kmem and module-loading. What
else is there? And what is it that makes this inherently difficult?
> Like Trond said, there are very high number of ways in which
> privileged userspace can compromise a running kernel if it really
> wants to do that, root-is-God has always been *the* major problem with
> Unix :-)
>
> The only _real_ way a kernel can lock itself completely against
> malicious userspace involves trusted tamperproof hardware,
The question of how to protect against someone with *physical* access
certainly is more difficult, but surely that's a separate problem.
--b.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
