Re: [PATCH] Allow /dev/{,k}mem to be disabled to prevent kernel from being modified easily

• Previous message: Jeff Garzik: "Re: sleeping in dev->tx_timeout?"
• In reply to: bert hubert: "[PATCH] Allow /dev/{,k}mem to be disabled to prevent kernel from being modified easily"
• Next in thread: Erik Andersen: "Re: [PATCH] Allow /dev/{,k}mem to be disabled to prevent kernel from being modified easily"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date:	Sun, 3 Aug 2003 23:14:53 +0300 (IDT)
To: bert hubert <ahu@ds9a.nl>

On Sun, 3 Aug 2003, bert hubert wrote:

> After being gloriously rootkitted with a program coded by HTB author Martin
> Devera (lots of thanks, devik, your work is appreciated, I suggest you read
> up about Oppenheimer when disclaiming that you are 'just a coder'. The item
> to google on is: "ethics sweetness hydrogen bomb Oppenheimer"), I wrote
> a patch to disable /dev/kmem and /dev/mem, which is harmless on servers
> without X.

For running X when /dev/mem is disabled, a solution can /dev/svga
device, that I wrote for svgalib. It allows mmap access like
/dev/mem, but only for VGA cards related memory - PCI regions that
belong to VGA cards, and 0-0x110000 (for drivers that use the bios).
Of course, depending on the video card and the system, access to the
video card's registers might be equivalent to access to all system
memory, but it does add another layer of security.

See the driver at

http://www.arava.co.il/matan/svgalib/svgalib-1.9.17.tar.gz

-- 
Matan Ziv-Av.                         matan@svgalib.org
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

• Previous message: Jeff Garzik: "Re: sleeping in dev->tx_timeout?"
• In reply to: bert hubert: "[PATCH] Allow /dev/{,k}mem to be disabled to prevent kernel from being modified easily"
• Next in thread: Erik Andersen: "Re: [PATCH] Allow /dev/{,k}mem to be disabled to prevent kernel from being modified easily"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: [PATCH] missing pci_disable_device() ... >> If I have a framebuffer driver loaded for my video card in bitmap mode ... >> functions but linux drivers using it). ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel) VGA card driver supports Windows 2003 server ... I understand Windows 2003 server is not designed for home and personal use, ... are there any mainstream VGA cards (or VGA chips should I ... say) that do have "drivers" work for Windows 2003 server and do not have to ... (microsoft.public.windows.server.general) Re: [PATCH] vgacon: Workaround for resize bug in some chipsets ... > This is not true, VGA cards do support fontwidth=9, but the ninth column ... What it should mean is that vgacon does not support fontwidths!= 8. ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel) Re: [OT] Crazy idea: Design open-source graphics chip ... >>A cheap cludge would be an optional second GPU on the card just to do ... >>would make the VGA cards more expensive than a single GPU which ... do you all honestly think that adding cost to the board is going to ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel) Re: VGA card driver supports Windows 2003 server ... XP drivers all should work. ... Microsoft MVP: Windows Server ... are there any mainstream VGA cards (or VGA chips should ... (microsoft.public.windows.server.general)