Message-ID: <41AAFE4E.7010308@verizon.net>
Date: Mon, 29 Nov 2004 05:47:42 -0500
From: Jim Nelson <james4765@verizon.net>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040922
MIME-Version: 1.0
To: Wichert Akkerman <wichert@wiggy.net>
CC: linux-kernel@vger.kernel.org
Subject: Re: Question about /dev/mem and /dev/kmem
References: <41AA9E26.4070105@verizon.net> <20041129093937.GN31995@wiggy.net>
In-Reply-To: <20041129093937.GN31995@wiggy.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 845
Lines: 27

Wichert Akkerman wrote:
> Previously Jim Nelson wrote:
> 
>>I was looking at some articles about rootkits on monolithic kernels, and 
>>had a thought.  Would a kernel config option to disable write access to 
>>/dev/mem and /dev/kmem be a workable idea?
> 
> 
> Yes, but not a very useful one since it is an incomplete solution. You
> can easily do something better using /proc/kernel/cap-bound

Isn't that /proc/sys/kernel/cap-bound?

> (like writing 0xFFFCFFFF into it).
> 

And what stops an attacker who's already gained root from doing a "cat "0" > 
/proc/sys/kernel/cap-bound" ?

> Wichert.
> 

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/