iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ae531c26c5
linux/arch/x86
History
Arjan van de Ven ae531c26c5 x86: introduce /dev/mem restrictions with a config option 
This patch introduces a restriction on /dev/mem: Only non-memory can be
read or written unless the newly introduced config option is set.

The X server needs access to /dev/mem for the PCI space, but it doesn't need
access to memory; both the file permissions and SELinux permissions of /dev/mem
just make X effectively super-super powerful. With the exception of the
BIOS area, there's just no valid app that uses /dev/mem on actual memory.
Other popular users of /dev/mem are rootkits and the like.
(note: mmap access of memory via /dev/mem was already not allowed since
a really long time)

People who want to use /dev/mem for kernel debugging can enable the config
option.

The restrictions of this patch have been in the Fedora and RHEL kernels for
at least 4 years without any problems.

Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2008-04-24 23:40:47 +02:00
..
boot x86: cleanup: change _end to end_before_pgt 2008-04-19 19:19:55 +02:00
configs x86, core: remove CONFIG_FORCED_INLINING 2008-02-09 23:24:09 +01:00
crypto [CRYPTO] aes-x86-32: Remove unused return code 2008-04-21 10:19:21 +08:00
ia32 arch: Remove unnecessary inclusions of asm/semaphore.h 2008-04-18 22:14:49 -04:00
kernel Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/pci-2.6 2008-04-21 15:58:35 -07:00
kvm KVM: MMU: Fix memory leak on guest demand faults 2008-03-25 10:22:17 +02:00
lguest x86: replace remaining __FUNCTION__ occurances 2008-04-17 17:40:57 +02:00
lib Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86 2008-04-18 08:25:51 -07:00
mach-default spelling fixes: arch/i386/ 2007-10-20 01:13:56 +02:00
mach-es7000 i386: es7000 minor cleanups 2007-10-17 20:16:15 +02:00
mach-generic x86: coding style fixes to arch/x86/mach-generic/bigsmp.c 2008-04-17 17:40:48 +02:00
mach-rdc321x x86, rdc321x: remove watchdog file 2008-04-17 17:40:50 +02:00
mach-visws x86: remove pointless comments 2008-04-19 19:19:54 +02:00
mach-voyager x86: remove pointless comments 2008-04-19 19:19:54 +02:00
math-emu x86, fpu: split FPU state from task struct - v5 2008-04-19 19:19:55 +02:00
mm x86: introduce /dev/mem restrictions with a config option 2008-04-24 23:40:47 +02:00
oprofile x86: oprofile: remove NR_CPUS arrays in arch/x86/oprofile/nmi_int.c 2008-04-19 19:44:58 +02:00
pci PCI: x86: use generic pci_enable_resources() 2008-04-20 21:47:04 -07:00
power x86: coding style fixes to arch/x86/power/cpu_32.c 2008-04-17 17:40:50 +02:00
vdso x86 vDSO: compile with -g, 64-bit 2008-04-19 19:19:55 +02:00
video x86: remove pointless comments 2008-04-19 19:19:54 +02:00
xen x86: change naming of cpu_initialized_mask for xen 2008-04-17 17:41:32 +02:00
Kconfig Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mingo/linux-2.6-sched-devel 2008-04-21 15:40:24 -07:00
Kconfig.cpu x86: MPSC should use P6 NOPs 2008-04-17 17:41:34 +02:00
Kconfig.debug x86: introduce /dev/mem restrictions with a config option 2008-04-24 23:40:47 +02:00
Makefile x86: add subarch support (for headers) to x86_64 2008-04-17 17:41:01 +02:00
Makefile_32.cpu x86: move i386 and x86_64 Makefiles to arch/x86 2007-10-25 22:27:34 +02:00