Alan Cox <alan@lxorguk.ukuu.org.uk> writes:
>On Thu, 2002-10-24 at 12:09, Henning P. Schmiedehausen wrote:
>> Ville Herva <vherva@niksula.hut.fi> writes:
>>
>> >the /dev/kmem hole, but this closes 2 classes of attacks - loading rootkit
>> >module and booting with a hacked kernel in straight-forward way.
>>
>> Question: What do I lose when you remove /dev/kmem?
>> Related question: Would it be useful to make /dev/kmem read-only?
>Makes no real difference. If the user got to root they can work the
>chmod command. What you want to do is revoke CAP_SYS_RAWIO which kills
>off all direct hardware access - mem/kmem/iopl/ioperm etc. It does stop
>non kernel fb X working but thats not a big deal on a server.
Hm,
I've been in a hurry when I wrote my first mail. What I meant was:
- I remove drivers/char/mem.c from my kernel. What do I lose? (/dev/null,
/dev/zero and /dev/full afaics but cut this down to "i remove everything
related to mem_fops, kmem_fops and port_fops").
- I remove write_mem(), write_kmem() and write_port() from drivers/char/mem.c
What do I lose?
Removing CAP_SYS_RAWIO is nice, but I actually want to remove the code
from the kernel, not just disabling it (Yes, of course I could try but
my test box is in pieces ATM...).
The pointer to the Xserver is a good one. Thanks.
Regards
Henning
-- Dipl.-Inf. (Univ.) Henning P. Schmiedehausen -- Geschaeftsfuehrer INTERMETA - Gesellschaft fuer Mehrwertdienste mbH hps@intermeta.deAm Schwabachgrund 22 Fon.: 09131 / 50654-0 info@intermeta.de D-91054 Buckenhof Fax.: 09131 / 50654-20 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Oct 31 2002 - 22:00:23 EST