Re: Want to use Digital Oszilloscope DSO-2100 at parport LPT1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Gert van den Berg.  Ring 0 by default has io permissions.

IOPL is a independent value to rings.  To be correct it assigns what IO permission rings has.  Basically from ring 0-3 call can be assigned IO permissions if you want.  Even that they have related kinds of numbers.  And that it is assigned to the ring running the application for it to work.

http://wiki.osdev.org/Security#I.2FO_Privilege_Level

Lot of people mix up IOPL and Rings.  So you are not alone Gert van den Berg.

iopl and ioperm both require CAP_SYS_RAWIO.  To be correct the process is still a protected process when iopl has been performed on it not a ring 0.  Just port access and suspend interprets is granted to the process. 

Now issue here we really don't want to have to grant this to anything non native.  Even granting this to X11 risks big problems.

Really is a last resort option to enable iopl since it grants way too much access and can cause the kernel to die.   ioperm maybe.   But it can also have bad effects.

Ie ioperm and iopl are not protected by CAP_SYS_RAWIO without very good reason.

Using iopl can be kiss your filesystem by by if interpret were suspended then it locked up while a critical write was happening to filesystem.

ioperm not as bad.  But it can still be hmm stuff running strange with no idea why.

Also any code using ioperm or iopl is Linux only.   Must always be kept in mind that it is such.






[Index of Archives]     [Gimp for Windows]     [Red Hat]     [Samba]     [Yosemite Camping]     [Graphics Cards]     [Wine Home]

  Powered by Linux