On 21 Jul 2000, Miquel van Smoorenburg wrote:
> In article <cistron.Pine.LNX.4.21.0007211543460.12570-100000@anime.net>,
> Dan Hollis <goemon@sasami.anime.net> wrote:
> >On Sat, 22 Jul 2000, Ville Herva wrote:
> >> So, would it be feasible to make it possible to disable direct hardware
> >> access (/dev/mem, /dev/nvram, HD ioctls, what else?) completely in kernel
> >> config?
> >
> >I would certainly feel better if this were possible, in which case Andre's
> >patch would be more reasonable.
>
> It _is_ possible. Check out "capabilities".
It isn't possible. Root can bypass them all completely, as long as
/dev/kmem etc. exist. Shall we delete capabilities on this basis? I think
not - so why apply that argument to Andre's bugfix?
James.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:18 EST