Re: restricting access to /dev/mem
Posted Jul 25, 2005 2:15 UTC (Mon) by sweikart
In reply to: The ExecShield patches
Parent article: Kernel Summit 2005: The ExecShield patches
Since you can already block access to /dev/mem in userspace (using the Capability Bounding Set; see my earlier post, which was posted about the same time as yours), I would request that the kernel not alter the semantics of access to /dev/mem.
Instead, distributors can drop the capability to access /dev/mem in their startup scripts (which can be modified by people who need to access /dev/mem, whether it's for driver support or other reasons).