On Sun, Aug 03, 2003 at 09:11:02PM +0200, Willy Tarreau wrote:
> Why not make this change dynamic instead ? eg : your system boots unlocked,
> and definitely locks /dev/{,k}mem once you do something such as
>
> echo foo > /proc/path_to_magic_entry

I thought about something like that but then for loading modules too - which
would allow for a modular boot but a lock afterwards.
> So the same config can be used with kernel with and without X, it's just a
> matter of runtime configuration. It could even be a sysctl, as long as there's
> no way to unset it.
Well, I fear the runtime overhead - as it is, I suspect this patch is
somewhat inflammatory anyhow ('tough luck you were hacked', 'you are fscked
anyhow').
However, the check would be in {,k}mem_open and in sys_init_module, which
are not heavily used functions.
I'll whip up a dynamic patch soonish - I'm unsure about the right location,
/proc/sys/ something?
Thanks.
--
http://www.PowerDNS.com Open source, database driven DNS Software
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO
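
A userspace model of the set-once lock discussed in this message, added here as an illustration and not taken from any patch in the thread. The function names are hypothetical and the sysctl-style 0/1 value is an assumption; it shows that a check placed only in the open path leaves descriptors opened before the lock still usable.

```c
/* Added illustration: userspace model of a set-once lock, not kernel code. */
#include <errno.h>
#include <stdlib.h>

static int mem_locked;              /* 0 at boot; latches to 1 */

/* Models a write to the (hypothetical) /proc/sys entry. */
int lock_write(const char *buf)
{
    char *end;
    long v = strtol(buf, &end, 10);

    if (end == buf)
        return -EINVAL;             /* no digits at all */
    if (*end == '\n')
        end++;                      /* tolerate the newline echo appends */
    if (*end != '\0' || (v != 0 && v != 1))
        return -EINVAL;
    if (mem_locked && v == 0)
        return -EPERM;              /* "no way to unset it" */
    mem_locked = (int)v;
    return 0;
}

/* Models the check in {,k}mem_open: returns a handle or -EPERM. */
int model_mem_open(void)
{
    static int next_fd = 3;

    if (mem_locked)
        return -EPERM;
    return next_fd++;
}

/* Models the check in sys_init_module. */
int model_init_module(void)
{
    return mem_locked ? -EPERM : 0;
}

/* Reads are not checked: the lock is enforced at open time only,
 * so a handle obtained before locking keeps working afterwards. */
int model_mem_read(int fd)
{
    return fd >= 3 ? 0 : -EBADF;
}
```

A boot sequence that relies on such a lock therefore has to set it before any untrusted process can open the device, since later enforcement does not revoke existing handles.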
This archive was generated by hypermail 2b29 : Thu Aug 07 2003 - 22:00:21 EST