[rsbac] feature request: rsbac restrictions in address accessing to /dev/mem.

Javier J. Martínez Cabezón tazok.id0 at gmail.com
Sun Jan 18 03:02:05 CET 2009

 The first tests I've done are the following:

In a virtualbox vm:

in /proc/iomem I saw that Video RAM area is from 000a0000 to 000bffff
as root in softmode I do: dd if=/dev/mem bs=1K skip=640 count=128
In the logs I see the following:
request GET_STATUS_DATA pid 10019, ppid 9512, prog_name dd, uid 0,
target type SCD, tid videomem, attr pagenr, value 160, result NOT
GRANTED (Softmode) by RC
Seems that interception works fine here.

now getting some normal RAM:

in /proc/iomem I saw that System RAM area is from 00100000 to 0FFEFFFF
dd if=/dev/mem bs=1k skip=1024 count=128 of=sys_mem

even in softmode is not permitted at all (even no check against SCD
kmem is done),  getting 0kb of data. I have CONFIG_STRICT_DEVMEM
enabled, depend your code from this to be enabled? I think not, I will
recompile the kernel with this disable and I will do this again.

2009/1/16 Javier J. Martínez Cabezón <tazok.id0 en gmail.com>:
> I will do but I need some time to it.
> 2009/1/16 Amon Ott <ao en rsbac.org>:
>> Just committed to svn. We use the same check as the standard kernel to
>> distinguish between SCD kmem and SCD videomem.
>> Please test and tell me, if it works as you expected.
>> Amon.
>> --
>> http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
>> _______________________________________________
>> rsbac mailing list
>> rsbac en rsbac.org
>> http://www.rsbac.org/mailman/listinfo/rsbac

More information about the rsbac mailing list