Re: Security Hole?

Drew Eckhardt (drew@poohsticks.org)
Mon, 04 Mar 1996 00:12:06 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Ulrich Windl: "make oldconfig"
Previous message: Drew Eckhardt: "Re: RFC: Resource Management"
Maybe in reply to: Andrew Mileski: "Security Hole?"
Next in thread: Andrew Mileski: "Re: Security Hole?"
Reply: Andrew Mileski: "Re: Security Hole?"

In message <199603032103.QAA04582@infoweb.magi.com>, dmtech@magi.com writes:
>Wanted to get some EXPERT opinion on this...
>
>I've noticed that the linux kernel allows anyone to freely
>request/release IRQ, DMA, and I/O. Is this a security
>hole, or am I missing something that only allows root to
>do these things?

No. You can only call it from within kernel code, and you can only
install new kernel code if you have root access.

>Is it necessary to add anything for security?

No.

>Or should the status quo be maintained?

Yes. Any sane kernel code is going to do a suser() check if it's going
to be letting tainted data affect what's accessable.

-- 
You too can commit two felonies by using this .sig:
Eat bite fuck suck gobble nibble chew; nipple bosum hairpie finger-fuck screw
moose-piss cat-pud orangutan-tit; sheep-pussy camel-crack pig-a-lie-in-shit

Next message: Ulrich Windl: "make oldconfig"
Previous message: Drew Eckhardt: "Re: RFC: Resource Management"
Maybe in reply to: Andrew Mileski: "Security Hole?"
Next in thread: Andrew Mileski: "Re: Security Hole?"
Reply: Andrew Mileski: "Re: Security Hole?"