Re: [PATCH] Add user taint flag

On Mon, May 22, 2006 at 04:14:36PM +0200, Arjan van de Ven wrote:
> On Sun, 2006-05-21 at 19:04 -0400, Theodore Ts'o wrote:
> > Allow taint flags to be set from userspace by writing to
> > /proc/sys/kernel/tainted, and add a new taint flag, TAINT_USER, to be
> > used when userspace is potentially doing something naughty that might
> > compromise the kernel. 
> 
> we should then patch the /dev/mem driver or something to set this :)
> (well and possibly give it an exception for now for PCI space until the
> X people fix their stuff to use the proper sysfs stuff)

It may make sense to have an explicit taint flag which means direct
access to memory, via /dev/mem or otherwise, with exceptions for I/O
mapped memory not claimed by a device driver (and of course X until it
is fixed, or never, whichever comes first).

As I've mentioned, the original reason why I did this was because I
needed to mmap physical memory, which at the time when I originally
did things, /dev/mem didn't support except for the I/O mapped memory
range, and I assumed that any attempt to enhance /dev/mem's mmap()
capabilities in a patch intended for mainline wouldn't be looked at as
a friendly act.  In fact, I was so unhappy about being forced by the
RTSJ specification to do this insane thing that I wanted to make sure
that if it were ever used, it would set a TAINT flag to warn people
that just about anything unsane could have happened, and the system's
stability was at the mercy of the competence of Java application
programmers.  :-)

						- Ted