[rsbac] port specification under SCD_IOPORTS
Amon Ott
ao at rsbac.org
Tue Nov 8 09:20:35 CET 2011
On Monday 07 November 2011 wrote Javier Juan Martínez Cabezón:
> I make this suggestion that I get realized after this thread from gentoo
> hardened:
>
> http://archives.gentoo.org/gentoo-hardened/msg_8160a0d4bb4e2a0cf09f91c06ded
>7001.xml
>
> I think if it could be, specify under SCD_IOPORTS which port is permited
> to do iopl/ioperm request, something like AUTH makes with UIDs, since some
> software would require to only do privilege I/O port against one particular
> port and no to everyone. It's another less privilege approach that would be
> useful for example with propietary nvidia drivers that still using priv I/O
> ports to do his tasks.
Yes, this does make sense. I would either make it a new target type T_IOPORTS
or use a special device major and the port address as minor. It does not fit
into T_SCD then, though.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list