Re: Direct access to hardware

From: Khimenko Victor (khim@sch57.msk.ru)
Date: Sat Jul 22 2000 - 12:15:26 EST


In <Pine.LNX.4.21.0007211543460.12570-100000@anime.net> Dan Hollis (goemon@sasami.anime.net) wrote:
> On Sat, 22 Jul 2000, Ville Herva wrote:
>> So, would it be feasible to make it possible to disable direct hardware
>> access (/dev/mem, /dev/nvram, HD ioctls, what else?) completely in kernel
>> config?

> I would certainly feel better if this were possible, in which case Andre's
> patch would be more reasonable.

> If you can't bit-bang hardware directly, and kernel API is the only access
> to devices, then it's easier to secure.

> As long as raw hardware access is possible, no amount of kernel API
> parameter checking will protect you from malicious programs. (I think,
> this is a point the GGI guys try to make)

> What userspace programs still require direct raw access to hardware? Only
> X servers?

X servers, DOSEMU, VMWare (it installs a kernel module so perhaps its userspace
part does not need such access).

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:19 EST