Hi Rajat, On Thu, Oct 28, 2010 at 2:41 AM, Rajat Sharma <fs.rajat@xxxxxxxxx> wrote: >> This is non-sense. It is a feature. I need it when working on my ARM >> based system and trying to debug some hardware that needs writing to >> specific memory locations. > > If something is assiting you in debug, that does not make it fall into a > feature. And saying that it is a feature, it does not claim that it is not > vulnerable to attacks. If you really want to use this for debugging, you may > do it on a development system which you can not risk for security attacks. > For a production system or server, you may not want to use it for any > debugging and it may be lying there without any purpose for its security > vulnerability. If it is a configurable options, its good to compile the > kernel for your debugging purpose. > > Look at the patch below, at least there are people who assume that it is > vulnerability: > > http://kerneltrap.org/mailarchive/linux-kernel/2008/2/11/809424 > > It is almost like saying that apple can't get rotten because you like the > taste. I guess the ability to run any code at all must be a security hole then... What this all boils down to, is what's your definition of a security hole? This particular thing might fit into some weird class of security holes (things to protect the system from the root user). I'm much more interested in preventing people from being root in the first place (much easier to fix in an OS like linux). -- Dave Hylands Shuswap, BC, Canada http://www.DaveHylands.com/ -- To unsubscribe from this list: send an email with "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx Please read the FAQ at http://kernelnewbies.org/FAQ
