From: Jim Nelson
Date: Mon, 29 Nov 2004 05:47:42 -0500
To: Wichert Akkerman
CC: linux-kernel@vger.kernel.org
Subject: Re: Question about /dev/mem and /dev/kmem
Message-ID: <41AAFE4E.7010308@verizon.net>
References: <41AA9E26.4070105@verizon.net> <20041129093937.GN31995@wiggy.net>
In-Reply-To: <20041129093937.GN31995@wiggy.net>
X-Mailing-List: linux-kernel@vger.kernel.org

Wichert Akkerman wrote:
> Previously Jim Nelson wrote:
>
>>I was looking at some articles about rootkits on monolithic kernels, and
>>had a thought. Would a kernel config option to disable write access to
>>/dev/mem and /dev/kmem be a workable idea?
>
>
> Yes, but not a very useful one since it is an incomplete solution. You
> can easily do something better using /proc/kernel/cap-bound

Isn't that /proc/sys/kernel/cap-bound?

> (like writing 0xFFFCFFFF into it).
>

And what stops an attacker who's already gained root from doing a
"cat "0" > /proc/sys/kernel/cap-bound" ?

> Wichert.
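Added example, not part of the mail or of the kernel source: a small C program that decodes the 0xFFFCFFFF value quoted above into the capability bits it clears, and models how a write to /proc/sys/kernel/cap-bound was applied by the sysctl handler of that era (as the editor recalls proc_dointvec_bset from kernel/sysctl.c before 2.6.25: init replaces the value, every other writer can only AND bits away). The capability bit numbers are assumed to match include/linux/capability.h of 2.4/2.6 kernels (CAP_SYS_MODULE = 16, CAP_SYS_RAWIO = 17). The prctl(PR_CAPBSET_READ) call at the end goes beyond the thread: it is the per-process bounding set that replaced the global sysctl in 2.6.25, shown here so the program is still useful on a current kernel.

```c
/*
 * Added example (not from the mail): decode the cap-bound value quoted in the
 * thread.  Bit numbers are assumed from include/linux/capability.h of the
 * 2.4/2.6 era: CAP_SYS_MODULE = 16, CAP_SYS_RAWIO = 17.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#ifdef __linux__
#include <sys/prctl.h>
#ifndef PR_CAPBSET_READ
#define PR_CAPBSET_READ 23  /* value from linux/prctl.h, in case the header lacks it */
#endif
#endif

enum {
    CAPBIT_NET_ADMIN  = 12,
    CAPBIT_SYS_MODULE = 16,  /* load/unload kernel modules */
    CAPBIT_SYS_RAWIO  = 17,  /* ioperm/iopl and raw access such as /dev/mem, /dev/kmem */
    CAPBIT_COUNT      = 32   /* cap-bound was a 32-bit int in these kernels */
};

/* Build a cap-bound value that keeps every bit except the listed capabilities. */
static uint32_t bound_mask_drop(const int *caps, size_t n)
{
    uint32_t mask = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++)
        mask &= ~(1u << caps[i]);
    return mask;
}

/* Does this bounding-set value still allow capability bit `cap`? */
static int mask_allows(uint32_t mask, int cap)
{
    return (int)((mask >> cap) & 1u);
}

/* Collect the capability bits a mask removes; returns how many were written to `out`. */
static size_t mask_dropped(uint32_t mask, int *out, size_t cap)
{
    size_t n = 0;
    for (int bit = 0; bit < CAPBIT_COUNT && n < cap; bit++)
        if (!mask_allows(mask, bit))
            out[n++] = bit;
    return n;
}

/*
 * Model of the pre-2.6.25 cap-bound write rule (proc_dointvec_bset, as the
 * editor recalls it): init (pid 1) replaces the value, any other writer,
 * root included, can only AND bits away and never set them back.
 */
static uint32_t cap_bound_write(uint32_t current_bset, uint32_t written, int writer_is_init)
{
    return writer_is_init ? written : (current_bset & written);
}

int main(void)
{
    const int drop[] = { CAPBIT_SYS_MODULE, CAPBIT_SYS_RAWIO };
    uint32_t mask = bound_mask_drop(drop, 2);
    int dropped[CAPBIT_COUNT];
    size_t n = mask_dropped(mask, dropped, CAPBIT_COUNT);

    printf("cap-bound value: 0x%08X\n", (unsigned)mask);  /* 0xFFFCFFFF */
    for (size_t i = 0; i < n; i++)
        printf("  drops capability bit %d\n", dropped[i]);

    /* Under the modelled rule a non-init root writer can only lose more bits. */
    printf("after root writes 0:          0x%08X\n",
           (unsigned)cap_bound_write(mask, 0u, 0));
    printf("after root writes 0xFFFFFFFF: 0x%08X\n",
           (unsigned)cap_bound_write(mask, 0xFFFFFFFFu, 0));

#ifdef __linux__
    /* Beyond the thread: since 2.6.25 the global sysctl is gone and the
     * equivalent is the per-process bounding set, readable unprivileged. */
    for (size_t i = 0; i < 2; i++) {
        int r = prctl(PR_CAPBSET_READ, drop[i], 0, 0, 0);
        printf("this process' bounding set has bit %d: %s\n", drop[i],
               r < 0 ? "unknown" : (r ? "yes" : "no"));
    }
#endif
    return 0;
}
```

Compile with `cc -std=c99 -Wall capbound.c` (file name is the editor's choice). The decode shows why 0xFFFCFFFF is the interesting value: bits 16 and 17 are exactly module loading and raw I/O, the two routes a rootkit on a monolithic kernel would use. The modelled write rule is what determines whether writing to the sysctl after a root compromise helps the attacker; the prctl loop reports the same two bits for the running process on a modern kernel.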