You can say that this hacked process could insert a rootkit inside the kernel, agreed, but that is at least making work harder for attackers, and of course a rootkit is not going to be simpler than accessing /dev/mem or /dev/sda1.
In any case, no one can claim it's not a security hole; it definitely is, but only restricted to privileged processes. Any of the vulnerable processes can make life easy for hackers. Also, no one can build a 100% secure system.
Thanks,
Rajat
On Wed, Oct 27, 2010 at 9:50 PM, John Mahoney <jmahoney@xxxxxxxx> wrote:
On Wed, Oct 27, 2010 at 8:23 AM, Rajat Sharma <fs.rajat@xxxxxxxxx> wrote:
Be it for any reason, it is a security loophole. Even more dangerous is that you have access to the device file, and it's not very hard to erase blocks from disk through the device file, e.g.:
dd if=/dev/zero of=/dev/sda1 bs=32k count=32k
This would only be a security hole if a regular user was able to escalate privilege and run the command. Once you're root there are a million ways to shoot yourself in the foot. I can do just as much file loss with rm -rf /

Also, dd if=/dev/sda1 of=backup-sda1.image is very useful to quickly backup whole partitions.

crw-r----- 1 root kmem 1, 1 2010-10-27 11:57 mem

Here are the permissions for /dev/mem on my box. I do not see the security hole. Regular users can not even read from /dev/mem.

--John
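As an added example, not part of the thread, the check John performs by eye above written as a small POSIX shell audit: it reads ls -l style lines for device nodes and reports which class of user can reach each one. The sample lines are constructed here (the mem line is the one John posted); the other two nodes are assumed for contrast.

```shell
#!/bin/sh
# Added example, not from the thread: classify who can touch a device node
# from its `ls -l` line. Sample input is constructed; the mem line is John's.

# classify_mode MODE -> owner-only | group-read | group-write | world-read | world-write
classify_mode() {
    mode=$1
    grp=$(printf '%s' "$mode" | cut -c5-7)   # group rwx bits
    oth=$(printf '%s' "$mode" | cut -c8-10)  # "other" rwx bits
    case "$oth" in
        *w*) echo world-write; return 0 ;;
        *r*) echo world-read;  return 0 ;;
    esac
    case "$grp" in
        *w*) echo group-write; return 0 ;;
        *r*) echo group-read;  return 0 ;;
    esac
    echo owner-only
}

# audit_line "LS_LINE" -> prints "name class owner=.. group=..";
# returns 1 when users outside the owner and group can read or write the node
audit_line() {
    set -- $1                    # split on whitespace; the last field is the name
    mode=$1 owner=$3 group=$4
    eval "name=\${$#}"
    class=$(classify_mode "$mode")
    printf '%s %s owner=%s group=%s\n' "$name" "$class" "$owner" "$group"
    case "$class" in world-*) return 1 ;; esac
    return 0
}

# Constructed `ls -l` output: the /dev/mem line John posted, a typical raw
# partition node, and a deliberately mis-permissioned node for contrast.
SAMPLE='crw-r----- 1 root kmem 1, 1 2010-10-27 11:57 mem
brw-rw---- 1 root disk 8, 1 2010-10-27 11:57 sda1
crw-rw-rw- 1 root root 1, 1 2010-10-27 11:57 mem-bad'

printf '%s\n' "$SAMPLE" | while IFS= read -r line; do
    audit_line "$line" || echo "  ^ world-accessible: regular users can reach this node"
done
```

Only the "other" bits decide whether an unprivileged user can bypass the file system; group-readable nodes like the one above still depend on who is in kmem or disk.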