CONFIG DEVMEM PROTECT - Revision history

KernelJayOmega: added category Kernels

2011-01-23T18:26:57Z

added category Kernels

← Older revision		Revision as of 18:26, 23 January 2011
Line 3:		Line 3:

	[[Category:Logitech Revue\|CONFIG_DEVMEM_PROTECT]]		[[Category:Logitech Revue\|CONFIG_DEVMEM_PROTECT]]
			[[Category:Kernels\|CONFIG_DEVMEM_PROTECT]]

KernelJayOmega: added category

2011-01-23T18:15:53Z

added category

← Older revision		Revision as of 18:15, 23 January 2011
Line 1:		Line 1:
	=== Overview ===		=== Overview ===
	Although we have not found a specific implementation for this kernel configuration item, it is most likely similar in nature to CONFIG_NONPROMISC_DEVMEM or CONFIG_STRICT_DEVMEM options in other kernel distributions. The purpose of this parameter would be to restrict user space applications from accessing kernel space (i.e. ring 0) memory via the /dev/mem character device. Preliminary testing reveals that requests to read from where the kernel is loaded (i.e. above 1MB) fail with EACCES even while root and with properly set permissions on the device. Without this protection in place it would be possible to modify kernel structures and subvert other security mechanisms such as the [[CONFIG_MODULE_SIG]] protection.		Although we have not found a specific implementation for this kernel configuration item, it is most likely similar in nature to CONFIG_NONPROMISC_DEVMEM or CONFIG_STRICT_DEVMEM options in other kernel distributions. The purpose of this parameter would be to restrict user space applications from accessing kernel space (i.e. ring 0) memory via the /dev/mem character device. Preliminary testing reveals that requests to read from where the kernel is loaded (i.e. above 1MB) fail with EACCES even while root and with properly set permissions on the device. Without this protection in place it would be possible to modify kernel structures and subvert other security mechanisms such as the [[CONFIG_MODULE_SIG]] protection.

			[[Category:Logitech Revue\|CONFIG_DEVMEM_PROTECT]]

KernelJayOmega: added a note about CONFIG_MODULE_SIG

2011-01-23T18:14:03Z

added a note about CONFIG_MODULE_SIG

← Older revision		Revision as of 18:14, 23 January 2011
Line 1:		Line 1:
	=== Overview ===		=== Overview ===
	Although we have not found a specific implementation for this kernel configuration item, it is most likely similar in nature to CONFIG_NONPROMISC_DEVMEM or CONFIG_STRICT_DEVMEM options in other kernel distributions. The purpose of this parameter would be to restrict user space applications from accessing kernel space (i.e. ring 0) memory via the /dev/mem character device. Preliminary testing reveals that requests to read from where the kernel is loaded (i.e. above 1MB) fail with EACCES even while root and with properly set permissions on the device.		Although we have not found a specific implementation for this kernel configuration item, it is most likely similar in nature to CONFIG_NONPROMISC_DEVMEM or CONFIG_STRICT_DEVMEM options in other kernel distributions. The purpose of this parameter would be to restrict user space applications from accessing kernel space (i.e. ring 0) memory via the /dev/mem character device. Preliminary testing reveals that requests to read from where the kernel is loaded (i.e. above 1MB) fail with EACCES even while root and with properly set permissions on the device. Without this protection in place it would be possible to modify kernel structures and subvert other security mechanisms such as the [[CONFIG_MODULE_SIG]] protection.

KernelJayOmega: Initial Contribution

2011-01-23T18:11:28Z

Initial Contribution

New page

=== Overview ===
Although we have not found a specific implementation for this kernel configuration item, it is most likely similar in nature to CONFIG_NONPROMISC_DEVMEM or CONFIG_STRICT_DEVMEM options in other kernel distributions. The purpose of this parameter would be to restrict user space applications from accessing kernel space (i.e. ring 0) memory via the /dev/mem character device. Preliminary testing reveals that requests to read from where the kernel is loaded (i.e. above 1MB) fail with EACCES even while root and with properly set permissions on the device.