Re: restricting access to /dev/mem
Posted Jul 25, 2005 18:26 UTC (Mon) by mingo
In reply to: Re: restricting access to /dev/mem
Parent article: Kernel Summit 2005: The ExecShield patches
Let me repeat it again: the problem cannot be solved via the SYS_RAWIO privilege or any other flat privilege bit. We don't want to give blanket /dev/mem access _even to processes that are allowed to read/write the safe portions of it_ (i.e. X.org).
(Furthermore, the kernel is perfectly right in enforcing that what is written/read in /dev/mem actually makes sense and doesn't corrupt the kernel itself.)