[rsbac] port specification under SCD_IOPORTS

Amon Ott ao at rsbac.org
Tue Nov 8 09:20:35 CET 2011

On Monday 07 November 2011 wrote Javier Juan Martínez Cabezón:
> I make this suggestion that I get realized after this thread from gentoo
> hardened:
> http://archives.gentoo.org/gentoo-hardened/msg_8160a0d4bb4e2a0cf09f91c06ded
> I think if it could be, specify under SCD_IOPORTS which port is permitted
> to do iopl/ioperm request, something like AUTH makes with UIDs, since some
> software would require to only do privilege I/O port against one particular
> port and not to everyone. It's another less privilege approach that would be
> useful for example with proprietary nvidia drivers that are still using priv I/O
> ports to do their tasks.

Yes, this does make sense. I would either make it a new target type T_IOPORTS 
or use a special device major and the port address as minor. It does not fit 
into T_SCD then, though.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
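
The per-port decision discussed in this thread, sketched as an added example that is not part of the original message and is not RSBAC code. The names `port_range`, `ioperm_allowed`, `iopl_allowed` and the sample policy are hypothetical; it assumes the x86 port space of 65536 ports and an allow-list of inclusive ranges per program.

```c
/* Added illustration: hypothetical per-program I/O port allow-list check.
   None of these names come from RSBAC. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define IO_PORT_COUNT 65536UL   /* x86 I/O port space: 0x0000-0xffff */

struct port_range { unsigned long first, last; };   /* inclusive bounds */

/* ioperm(from, num, turn_on): a grant needs every requested port inside one
   allowed range (a request spanning two ranges is refused in this sketch).
   Dropping access (turn_on == 0) never needs permission. */
bool ioperm_allowed(const struct port_range *acl, size_t n,
                    unsigned long from, unsigned long num, int turn_on)
{
    if (!turn_on)
        return true;
    if (num == 0 || from >= IO_PORT_COUNT || num > IO_PORT_COUNT - from)
        return false;               /* empty, out of range, or wrapping */
    unsigned long last = from + num - 1;
    for (size_t i = 0; i < n; i++)
        if (from >= acl[i].first && last <= acl[i].last)
            return true;
    return false;
}

/* iopl(3) exposes every port to the process at once, so a per-port list can
   only permit raising the level when a range covers the whole port space. */
bool iopl_allowed(const struct port_range *acl, size_t n, int level)
{
    if (level <= 0)
        return true;                /* lowering the level is always fine */
    return ioperm_allowed(acl, n, 0, IO_PORT_COUNT, 1);
}

/* Constructed sample policy: VGA register ports only. */
static const struct port_range sample_acl[] = { { 0x3c0, 0x3df } };

int main(void)
{
    printf("ioperm 0x3c0+32: %d\n", ioperm_allowed(sample_acl, 1, 0x3c0, 32, 1));
    printf("ioperm 0x3c0+33: %d\n", ioperm_allowed(sample_acl, 1, 0x3c0, 33, 1));
    printf("ioperm 0x60+1:   %d\n", ioperm_allowed(sample_acl, 1, 0x60, 1, 1));
    printf("iopl(3):         %d\n", iopl_allowed(sample_acl, 1, 3));
    return 0;
}
```

A program that calls iopl() rather than ioperm() gains nothing from a narrow list: the request is either refused or opens all ports.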
