On 10/28/2010 04:55 PM, Dave Hylands wrote: > Hi Rajat, > > On Thu, Oct 28, 2010 at 2:41 AM, Rajat Sharma <fs.rajat@xxxxxxxxx> wrote: >>> This is non-sense. It is a feature. I need it when working on my ARM >>> based system and trying to debug some hardware that needs writing to >>> specific memory locations. >> >> If something is assiting you in debug, that does not make it fall into a >> feature. And saying that it is a feature, it does not claim that it is not >> vulnerable to attacks. If you really want to use this for debugging, you may >> do it on a development system which you can not risk for security attacks. >> For a production system or server, you may not want to use it for any >> debugging and it may be lying there without any purpose for its security >> vulnerability. If it is a configurable options, its good to compile the >> kernel for your debugging purpose. >> >> Look at the patch below, at least there are people who assume that it is >> vulnerability: >> >> http://kerneltrap.org/mailarchive/linux-kernel/2008/2/11/809424 >> >> It is almost like saying that apple can't get rotten because you like the >> taste. > > I guess the ability to run any code at all must be a security hole then... > > What this all boils down to, is what's your definition of a security > hole? This particular thing might fit into some weird class of > security holes (things to protect the system from the root user). I'm > much more interested in preventing people from being root in the first > place (much easier to fix in an OS like linux). Me too, besides, some people think a rotten (should I say fermented) grape is better than a fresh one anyways. Wouter -- To unsubscribe from this list: send an email with "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx Please read the FAQ at http://kernelnewbies.org/FAQ
