On Mon, 2004-03-01 at 20:38, Matthew J. Fanto wrote:
> I've been speaking to Chris Wright about read-only /dev/kmem in an LSM.
> Current solutions (grsecurity for example) just return -EPERM inside
> drivers/char/mem.c::open_port(). We had a discussion about the nature of
> CAP_SYS_RAWIO, and have come to a few conclusions. Replacing calls to
> capable(CAP_SYS_RAWIO) would be problematic because we wouldn't know the
> context of the call to offer fine grained control. The only solutions we
> have come up with is either controlling /dev/kmem access through
> inode_permissions() or by adding a new hook that open_port() can call.
> The problem I see with inode_permissions() is the overhead of checking
> to see if it's /dev/kmem on every inode access. Would a new hook for
> open_port() be accepted? Is anyone aware of any other solution? Thanks.

SELinux assigns a security attribute to /dev/kmem, and does apply
file-based controls in addition to controlling the use of CAP_SYS_RAWIO.

--
Stephen Smalley <sds@private>
National Security Agency
This archive was generated by hypermail 2b30 : Tue Mar 02 2004 - 05:53:21 PST