Re: /dev/mem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> This is non-sense. It is a feature. I need it when working on my ARM
> based system and trying to debug some hardware that needs writing to
> specific memory locations.

If something is assiting you in debug, that does not make it fall into a feature. And saying that it is a feature, it does not claim that it is not vulnerable to attacks. If you really want to use this for debugging, you may do it on a development system which you can not risk for security attacks. For a production system or server, you may not want to use it for any debugging and it may be lying there without any purpose for its security vulnerability. If it is a configurable options, its good to compile the kernel for your debugging purpose.

Look at the patch below, at least there are people who assume that it is vulnerability:

http://kerneltrap.org/mailarchive/linux-kernel/2008/2/11/809424

It is almost like saying that apple can't get rotten because you like the taste.

P.S. I am not making any attempt to convey that we need a fix for it. But someone just started with saying it is a security loop whole, so I am just agreeing, yes it falls into that category.

Thanks,
Rajat

On Thu, Oct 28, 2010 at 1:27 PM, Wouter Simons <lkml@xxxxxxxxxxxxxxxx> wrote:
On 10/27/2010 06:54 PM, Rajat Sharma wrote:
> In any case, no one can claim its not security hole, it is definitely,
> but only restricted to privileged processes. Any of the vulnerable
> process can make life easy for hackers. Also no one can build 100%
> secure system.

This is non-sense. It is a feature. I need it when working on my ARM
based system and trying to debug some hardware that needs writing to
specific memory locations.

If you want to call this a security hole then I think you should
consider how the balance between usability and security works. If a
system needs to be 100% secure it should be powered off, with cables
physically removed from any power outlet and stored in the vault of the
federal reserve or somesuch.

Here is a message about restricting the access through /dev/mem on x86,
check your kernel config to see how well protected you are:
http://lwn.net/Articles/267427/

But here I am claiming that it is a feature not a security hole.

;-)

Wouter

[Index of Archives]     [Newbies FAQ]     [Linux Kernel Mentors]     [Linux Kernel Development]     [IETF Annouce]     [Git]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux SCSI]     [Linux ACPI]
  Powered by Linux