[rsbac] port specification under SCD_IOPORTS
Javier Juan Martínez Cabezón
tazok.id0 at gmail.com
Mon Nov 7 20:03:01 CET 2011
I am making this suggestion, which I came to after this thread from gentoo
hardened:
http://archives.gentoo.org/gentoo-hardened/msg_8160a0d4bb4e2a0cf09f91c06ded7001.xml
I think, if it could be done, it would be good to specify under SCD_IOPORTS
which port is permitted for iopl/ioperm requests, something like what AUTH
does with UIDs, since some software would only require privileged I/O port
access to one particular port and not to every one. It's another
least-privilege approach that would be useful, for example, with proprietary
nvidia drivers that are still using privileged I/O ports to do their tasks.