cvs commit: src/sys/alpha/alpha mem.c src/sys/alpha/conf GENERIC src/sys/alpha/include memdev.h src/sys/amd64/amd64 io.c mem.c src/sys/amd64/conf GENERIC NOTES src/sys/amd64/include iodev.h memdev.h src/sys/conf NOTES files files.alpha files.amd64 ...

Dag-Erling Smørgrav des at des.no
Mon Aug 2 05:14:21 PDT 2004


Matteo Riondato <rionda at riondato.com> writes:
> Dag-Erling Smørgrav wrote:
> > The other good news of course is that it is now possible to build a
> > kernel that does not have /dev/mem and /dev/io - that's pretty
> > significant from a security point of view.  Thanks!
> Can you please explain why it's significant?

/dev/mem and /dev/io are back doors to a system's memory and hardware,
which allow you to bypass all error and credential checks once you've
gained access to them.

For instance, an attacker who manages to obtain read access to
/dev/mem (e.g. by exploiting a hole in a setgid kmem application) can
read any data present in system memory, including the contents of the
buffer cache, and stuff like unencrypted ssh keys held in memory by an
ssh agent.

Of course, /dev/mem and /dev/io can be protected through conventional
means (including removing the actual device nodes), but given the
choice between protecting a back door and not having one in the first
place, I definitely prefer the latter.

DES
-- 
Dag-Erling Smørgrav - des at des.no
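
A check for the device nodes discussed in the message above, added here as an example; it is not part of the original message or of the FreeBSD source. It reports only whether each node exists and who may open it, not whether the kernel was built with the drivers. The names classify_node, audit_raw_devices and DEV_DIR are hypothetical, and /dev/kmem is included as an assumption because the message mentions setgid kmem applications.

```shell
#!/bin/sh
# Added example: report whether the raw memory and I/O device nodes
# exist and which permission classes can open them.
# classify_node, audit_raw_devices and DEV_DIR are hypothetical names.

# Print one of: absent, owner-only, group-accessible:<group>, world-accessible
classify_node() {
    path=$1
    [ -e "$path" ] || { echo absent; return 0; }
    # ls -ld fields: mode string, link count, owner, group, ...
    set -- $(ls -ld "$path")
    mode=$1 group=$4
    case $mode in
        # characters 8 and 9 of the mode string are other-read / other-write
        ???????r*|????????w*) echo world-accessible ;;
        # characters 5 and 6 are group-read / group-write
        ????r*|?????w*)       echo "group-accessible:$group" ;;
        *)                    echo owner-only ;;
    esac
}

# Audit mem, kmem and io under a device directory (default /dev).
audit_raw_devices() {
    dir=${1:-/dev}
    for name in mem kmem io; do
        echo "$dir/$name: $(classify_node "$dir/$name")"
    done
}

audit_raw_devices "${DEV_DIR:-/dev}"
```

A node reported as group-accessible is reachable by any process that gains that group, which is the setgid kmem case described in the message; "absent" is the state the message prefers.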

