[rsbac] port specification under SCD_IOPORTS

Javier Juan Martínez Cabezón tazok.id0 at gmail.com
Mon Nov 7 20:03:01 CET 2011


I make this suggestion, which I came to realize after this thread from Gentoo
Hardened:

http://archives.gentoo.org/gentoo-hardened/msg_8160a0d4bb4e2a0cf09f91c06ded7001.xml

I think, if it could be done, to specify under SCD_IOPORTS which port is permitted
for iopl/ioperm requests, something like what AUTH does with UIDs, since some
software would only require privileged I/O port access against one particular
port and not to every one. It's another least privilege approach that would be
useful, for example, with proprietary nvidia drivers that are still using privileged
I/O ports to do their tasks.

