[rsbac] feature request: rsbac restrictions in address accessing to /dev/mem.

Javier J. Martínez Cabezón tazok.id0 at gmail.com
Sun Jan 18 03:08:25 CET 2009


In the logs I also saw: program dd tried to access /dev/mem between
100000-100400. I think that it comes from the CONFIG_STRICT_DEVMEM code.

2009/1/18 Javier J. Martínez Cabezón <tazok.id0 at gmail.com>:
>  The first tests I've done are the following:
>
> In a virtualbox vm:
>
> in /proc/iomem I saw that Video RAM area is from 000a0000 to 000bffff
> as root in softmode I do: dd if=/dev/mem bs=1K skip=640 count=128
> of=/tmp/vid_mem
> In the logs I see the following:
> request GET_STATUS_DATA pid 10019, ppid 9512, prog_name dd, uid 0,
> target type SCD, tid videomem, attr pagenr, value 160, result NOT
> GRANTED (Softmode) by RC
> Seems that interception works fine here.
>
> now getting some normal RAM:
>
> in /proc/iomem I saw that System RAM area is from 00100000 to 0FFEFFFF
> dd if=/dev/mem bs=1k skip=1024 count=128 of=sys_mem
>
> even in softmode it is not permitted at all (no check against SCD
> kmem is even done), getting 0kb of data. I have CONFIG_STRICT_DEVMEM
> enabled; does your code depend on this being enabled? I think not. I will
> recompile the kernel with this disabled and I will do this again.
>
>
> 2009/1/16 Javier J. Martínez Cabezón <tazok.id0 at gmail.com>:
>> I will do it, but I need some time for it.
>>
>> 2009/1/16 Amon Ott <ao at rsbac.org>:
>>
>>> Just committed to svn. We use the same check as the standard kernel to
>>> distinguish between SCD kmem and SCD videomem.
>>>
>>> Please test and tell me, if it works as you expected.
>>>
>>> Amon.
>>> --
>>> http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
>>>
>>
>
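
Added example, not part of the original messages and not RSBAC or kernel code: a small helper for reading such log entries. It turns the dd parameters used in the tests above into the physical byte range and page numbers touched, and names the /proc/iomem regions that range overlaps. The function names, the 4 KiB page size and the two-line sample (built from the ranges quoted in the thread) are assumptions.

```python
import re

PAGE_SIZE = 4096  # assumption: 4 KiB pages

# Constructed sample in /proc/iomem format, holding only the two
# ranges quoted in the thread.
SAMPLE_IOMEM = """\
000a0000-000bffff : Video RAM area
00100000-0ffeffff : System RAM
"""

def parse_iomem(text):
    """Return [(start, end_inclusive, name)] from /proc/iomem-style lines."""
    regions = []
    for line in text.splitlines():
        # Nested entries in /proc/iomem are indented, so allow leading spaces.
        m = re.match(r"\s*([0-9a-fA-F]+)-([0-9a-fA-F]+)\s*:\s*(.+)", line)
        if m:
            start, end = int(m.group(1), 16), int(m.group(2), 16)
            regions.append((start, end, m.group(3).strip()))
    return regions

def dd_range(bs, skip, count):
    """Inclusive byte range read by dd if=/dev/mem bs=BS skip=SKIP count=COUNT."""
    if bs <= 0 or count <= 0 or skip < 0:
        raise ValueError("bs and count must be positive, skip non-negative")
    start = bs * skip
    return start, start + bs * count - 1

def describe(bs, skip, count, regions):
    """Map a dd read of /dev/mem to page numbers and overlapped regions."""
    start, end = dd_range(bs, skip, count)
    hits = [name for (s, e, name) in regions if start <= e and end >= s]
    return {
        "start": start,
        "end": end,
        "first_page": start // PAGE_SIZE,
        "last_page": end // PAGE_SIZE,
        "regions": hits or ["(not listed)"],
    }

if __name__ == "__main__":
    regions = parse_iomem(SAMPLE_IOMEM)
    for args in ((1024, 640, 128), (1024, 1024, 128)):
        d = describe(*args, regions)
        print("bs=%d skip=%d count=%d" % args,
              "-> %08x-%08x" % (d["start"], d["end"]),
              "pages %d-%d" % (d["first_page"], d["last_page"]),
              d["regions"])
```

For the first test the start page comes out as 160, the pagenr value in the logged request; for the second, the first 1 KiB block is 100000 up to (but not including) 100400, the range in the later log line.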

