[rsbac] feature request: rsbac restrictions in address accessing to /dev/mem.

Amon Ott ao at rsbac.org
Thu Jan 15 17:20:34 CET 2009

Am Dunnersdag 15 Januor 2009 schrieb Javier J. Martínez Cabezón:
> Enabling global access restrictions to /dev/mem must not be a good
> idea, If you want to make an forensic analysis (for example rebuilding
> task with the  task_struct linked list or rebuilding it with the
> task_struct_cachep using cache objects you will need to reach any
> address in /dev/mem. It would be great to have one rol forensic_r that
> only him could reach to all the address in /dev/mem and get the other
> ones filtered to only video memory don't you think?

Currently, we have target SCD kmem. We could add SCD video or videomem and use 
that target, if the access is to video area.

It would take some changes in the current way of interception, because now we 
check at open. Nothing problematic, though.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list