[rsbac] feature request: rsbac restrictions in address accessing to /dev/mem.

Amon Ott ao at rsbac.org
Fri Jan 16 15:51:34 CET 2009

On Thursday 15 January 2009 wrote Amon Ott:
> Am Dunnersdag 15 Januor 2009 schrieb Javier J. Martínez Cabezón:
> > Enabling global access restrictions to /dev/mem must not be a good
> > idea, If you want to make an forensic analysis (for example rebuilding
> > task with the  task_struct linked list or rebuilding it with the
> > task_struct_cachep using cache objects you will need to reach any
> > address in /dev/mem. It would be great to have one rol forensic_r that
> > only him could reach to all the address in /dev/mem and get the other
> > ones filtered to only video memory don't you think?
> Currently, we have target SCD kmem. We could add SCD video or videomem and
> use that target, if the access is to video area.
> It would take some changes in the current way of interception, because now
> we check at open. Nothing problematic, though.

Just committed to svn. We use the same check as the standard kernel to 
distinguish between SCD kmem and SCD videomem.

Please test and tell me, if it works as you expected.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list