Re: only root has acces to /dev/mem ?

Alan Cox (alan@lxorguk.ukuu.org.uk)
Tue, 14 Sep 1999 14:04:00 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Nicolas Pitre: "Re: Designing a keyboard controller"
Previous message: Richard B. Johnson: "Re: reboot after oops?"
In reply to: Lars Marowsky-Bree: "Re: netfilter plugin: antispoof"

> Ok, giving someone write access to /dev/mem effectively gives away
> root access, but suppose we have a setuid-kmem(*) application that does
> something specific with kmem. We don't want it to have filesystem
> permissions associated with "root", so we make it setuid-kmem, and
> give that user access to /dev/mem.

In order to enforce bounding sets it is neccessary to require rawio access
to kmem in order to prevent rawio being set by other means and violating
the bounding set.

I agree on the compatibility point. I think a good compromise will be to
require raw I/O only if the bounding set for the system is not the set
of all capabilities.

Ok will look at that

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Nicolas Pitre: "Re: Designing a keyboard controller"
Previous message: Richard B. Johnson: "Re: reboot after oops?"
In reply to: Lars Marowsky-Bree: "Re: netfilter plugin: antispoof"