Re: Reading /dev/mem by dd

From: Henrique de Moraes Holschuh
Date: Wed Nov 11 2009 - 21:12:25 EST

Next message: David VomLehn: "[PATCH, RFC] panic-note: Annotation from user space for panics"
Previous message: Stefan Richter: "Re: [PATCH 0/4] DVB: firedtv: port to new firewire driver stack"
In reply to: Robert Hancock: "Re: Reading /dev/mem by dd"
Next in thread: Alan Cox: "Re: Reading /dev/mem by dd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 11 Nov 2009, Robert Hancock wrote:
> I don't think that we prevent any access to device registers in
> /dev/mem - if you read something that has side effects and something
> breaks, well I guess you get to keep both pieces :-) There's a
> reason it's root-only..

We should. Imaging /dev/mem is one of the oldest tricks in the book of the
forensics people, they do it to live systems to help track down WTF happened
to a compromised host. This kind of crap bites them hard.

IMO: if you're going to provide /dev/mem, make it as safe as possible.

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David VomLehn: "[PATCH, RFC] panic-note: Annotation from user space for panics"
Previous message: Stefan Richter: "Re: [PATCH 0/4] DVB: firedtv: port to new firewire driver stack"
In reply to: Robert Hancock: "Re: Reading /dev/mem by dd"
Next in thread: Alan Cox: "Re: Reading /dev/mem by dd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]