forked from luck/tmp_suning_uos_patched
ae531c26c5
This patch introduces a restriction on /dev/mem: Only non-memory can be read or written unless the newly introduced config option is set. The X server needs access to /dev/mem for the PCI space, but it doesn't need access to memory; both the file permissions and SELinux permissions of /dev/mem just make X effectively super-super powerful. With the exception of the BIOS area, there's just no valid app that uses /dev/mem on actual memory. Other popular users of /dev/mem are rootkits and the like. (note: mmap access of memory via /dev/mem was already not allowed since a really long time) People who want to use /dev/mem for kernel debugging can enable the config option. The restrictions of this patch have been in the Fedora and RHEL kernels for at least 4 years without any problems. Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> |
||
|---|---|---|
| .. | ||
| acpi | ||
| asm-alpha | ||
| asm-arm | ||
| asm-avr32 | ||
| asm-blackfin | ||
| asm-cris | ||
| asm-frv | ||
| asm-generic | ||
| asm-h8300 | ||
| asm-ia64 | ||
| asm-m32r | ||
| asm-m68k | ||
| asm-m68knommu | ||
| asm-mips | ||
| asm-mn10300 | ||
| asm-parisc | ||
| asm-powerpc | ||
| asm-ppc | ||
| asm-s390 | ||
| asm-sh | ||
| asm-sparc | ||
| asm-sparc64 | ||
| asm-um | ||
| asm-v850 | ||
| asm-x86 | ||
| asm-xtensa | ||
| crypto | ||
| keys | ||
| linux | ||
| math-emu | ||
| media | ||
| mtd | ||
| net | ||
| pcmcia | ||
| rdma | ||
| rxrpc | ||
| scsi | ||
| sound | ||
| video | ||
| xen | ||
| Kbuild | ||