Who needs /dev/kmem?
Posted Aug 19, 2005 16:15 UTC (Fri) by giraffedata
In reply to: Who needs /dev/kmem?
Parent article: Who needs /dev/kmem?
If no one is using something, there's no point in it being maintained
I agree with that, but don't find it relevant here. I.e. it's not relevant whether there's a point to maintaining something; what is relevant is what I said above: whether someone is maintaining it.
if the main users of a feature are rootkits, then it's a disadvantage to have it around at all.
This is a common argument that I don't accept. If by "have it around," you mean have it present in kernel.org source trees. Not having it around by choosing not to configure it into your kernel makes sense to me.
The basic idea I oppose is fighting black hats by withholding tools they could use from the public. Aside from a basic uneasiness about withholding anything from the public, I also believe it has no significant effect, because if /dev/kmem isn't there already, the cracker will just bring his own. That's what rootkits are all about, after all. In any sensible security system, if a cracker has privilege to read and write /dev/kmem, then he also has privilege to load his own device driver.
to post comments)