I've been speaking to Chris Wright about read-only /dev/kmem in an LSM. Current solutions (grsecurity for example) just return -EPERM inside drivers/char/mem.c::open_port(). We had a discussion about the nature of CAP_SYS_RAWIO, and have come to a few conclusions. Replacing calls to capable(CAP_SYS_RAWIO) would be problematic because we wouldn't know the context of the call to offer fine-grained control. The only solutions we have come up with are either controlling /dev/kmem access through inode_permissions() or adding a new hook that open_port() can call. The problem I see with inode_permissions() is the overhead of checking to see if it's /dev/kmem on every inode access. Would a new hook for open_port() be accepted? Is anyone aware of any other solution?

Thanks.

-Matthew J. Fanto
This archive was generated by hypermail 2b30 : Mon Mar 01 2004 - 17:39:28 PST