Killing off /dev/kmem

Posted Apr 6, 2021 13:53 UTC (Tue) by foxcrisp (guest, #52781)
In reply to: Killing off /dev/kmem by nickodell
Parent article: Killing off /dev/kmem

Earlier unixes required apps to read from /dev/kmem, and know the format of the kernel data structures and location. Linux changed all of that, by exposing most things via /proc - mostly simple text strings. In a security based world, /dev/mem and /dev/kmem are just holes to allow access to any part of memory. Whilst the early implementations used unix group permissions, that just meant delegating the security mechanisms to the group mechanisms. That simply opens up the surface area (either get your self root, or get access to the relevant group for reading /dev/kmem).

In a sandboxed container, one doesnt need /dev/kmem, so, one could argue that if its not needed by some apps, it is not needed by any apps.

It is a shame if we lose it, but few apps truly needed it (I used it for dtrace, a while back - but would have to research the proposed alternatives).

Killing off /dev/kmem

Posted Apr 10, 2021 17:45 UTC (Sat) by quanstro (guest, #77996) [Link]

i suppose if you consider mainstream *nix variants, linux may have been first. however, 8th edition unix introduced the concept of /proc. and iirc, linux was inspired by plan 9, not 8th edition. in plan 9 there is extra expressiveness. for example, /proc allows inspection of another machine's processes without endian/word size concerns via mount and bind. this is how stats(1) works. ioctl is similarly not included.