On 9 Sep 2002, Paolo Perego wrote: > Hi guys :) Yesterday evening, while drinking a smooth ale and explaining > something about a real kernel to a friend of mine who is uindoze > addicted, I was thinking about /dev/kmem permission and kernel patching > on the fly. The point is that an attacker could replace our beatiful and > warm kernel with an "a doc" evil-cracker-image playing with /dev/kmem, > of course after gaining root privileges. > Using my module, AngeL, I deny /dev/kmem writing at kernel level and > everything still works fine. So my question is... why /dev/kmem has > write access to root user? Who needs writing in /dev/kmem ( I figured > out that neither insmod or rmmod needs that )? First - are you sure you disabled writing to kernel memory completely? I mean what if someone mmap()s /dev/kmem, performs some operations there, and then munmap()s it? This is what grsecurity kernel patch (for example) had problems with, even with /dev/kmem write disabled. I don't know of any program which will need write permissions to /dev/kmem, however some programs need /dev/mem (such as Xserver). -- JiKos. -- Kernelnewbies: Help each other learn about the Linux kernel. Archive: http://mail.nl.linux.org/kernelnewbies/ FAQ: http://kernelnewbies.org/faq/
