[rsbac] feature request: rsbac restrictions in address accessing to /dev/mem.

Javier J. Martínez Cabezón tazok.id0 at gmail.com
Sun Jan 18 03:02:05 CET 2009


The first tests I've done are the following:

In a VirtualBox VM:

In /proc/iomem I saw that the Video RAM area is from 000a0000 to 000bffff.
As root in softmode I do:

  dd if=/dev/mem bs=1K skip=640 count=128 of=/tmp/vid_mem

In the logs I see the following:

  request GET_STATUS_DATA pid 10019, ppid 9512, prog_name dd, uid 0, target type SCD, tid videomem, attr pagenr, value 160, result NOT GRANTED (Softmode) by RC

It seems that interception works fine here.

Now getting some normal RAM:

In /proc/iomem I saw that the System RAM area is from 00100000 to 0FFEFFFF.

  dd if=/dev/mem bs=1k skip=1024 count=128 of=sys_mem

Even in softmode this is not permitted at all (not even a check against SCD
kmem is done), and I get 0kb of data. I have CONFIG_STRICT_DEVMEM
enabled; does your code depend on this being enabled? I think not. I will
recompile the kernel with this disabled and do this again.


2009/1/16 Javier J. Martínez Cabezón <tazok.id0 at gmail.com>:
> I will do it, but I need some time for it.
>
> 2009/1/16 Amon Ott <ao at rsbac.org>:
>
>> Just committed to svn. We use the same check as the standard kernel to
>> distinguish between SCD kmem and SCD videomem.
>>
>> Please test and tell me, if it works as you expected.
>>
>> Amon.
>> --
>> http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
>
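
An added example, not part of the original post or of RSBAC: a small helper for repeating the test above, which maps a /proc/iomem range to dd skip/count values and to the physical page numbers a read covers, then compares them with the pagenr value in the log entry. The 4 KiB page size and all function names are assumptions; the sample /proc/iomem text is constructed from the two ranges quoted in the post.

```python
import re

PAGE_SIZE = 4096  # assumption: 4 KiB pages, as on x86

# Constructed /proc/iomem excerpt holding the two ranges quoted in the post.
IOMEM_SAMPLE = """\
000a0000-000bffff : Video RAM area
00100000-0ffeffff : System RAM
"""

# The log entry from the post, joined onto one line.
LOG_SAMPLE = ("request GET_STATUS_DATA pid 10019, ppid 9512, prog_name dd, "
              "uid 0, target type SCD, tid videomem, attr pagenr, value 160, "
              "result NOT GRANTED (Softmode) by RC")

def parse_iomem(text):
    """Return (start, end_inclusive, name) for every /proc/iomem line."""
    pat = re.compile(r"\s*([0-9a-f]+)-([0-9a-f]+)\s*:\s*(.+)", re.I)
    return [(int(m[1], 16), int(m[2], 16), m[3].strip())
            for m in map(pat.match, text.splitlines()) if m]

def dd_args(start, end, bs=1024):
    """skip/count (in bs-sized blocks) that make dd read exactly [start, end]."""
    if start % bs or (end + 1) % bs:
        raise ValueError("range is not aligned to the block size")
    return start // bs, (end + 1 - start) // bs

def pages_touched(skip, count, bs=1024):
    """First and last physical page number covered by a dd read."""
    first_byte, last_byte = skip * bs, (skip + count) * bs - 1
    return first_byte // PAGE_SIZE, last_byte // PAGE_SIZE

def region_name(addr, regions):
    """Name of the /proc/iomem region containing addr, or None."""
    return next((n for s, e, n in regions if s <= addr <= e), None)

def parse_log(line):
    """Extract (tid, attr, value, result) from an RSBAC request log line."""
    m = re.search(r"tid (\w+), attr (\w+), value (\d+), result (.+)$", line)
    return (m[1], m[2], int(m[3]), m[4]) if m else None

if __name__ == "__main__":
    regions = parse_iomem(IOMEM_SAMPLE)
    for skip, count in ((640, 128), (1024, 128)):   # the two dd runs in the post
        first, last = pages_touched(skip, count)
        print(skip, count, region_name(skip * 1024, regions), first, last)
    print(parse_log(LOG_SAMPLE))
```

With 4 KiB pages the first dd run starts at page 160, which is the value logged for SCD videomem; the second run starts at page 256, inside System RAM.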

