On Sun, 3 Aug 2003, bert hubert wrote:
> After being gloriously rootkitted with a program coded by HTB author Martin
> Devera (lots of thanks, devik, your work is appreciated, I suggest you read
> up about Oppenheimer when disclaiming that you are 'just a coder'. The item
> to google on is: "ethics sweetness hydrogen bomb Oppenheimer"), I wrote
> a patch to disable /dev/kmem and /dev/mem, which is harmless on servers
> without X.
For running X when /dev/mem is disabled, a solution can /dev/svga
device, that I wrote for svgalib. It allows mmap access like
/dev/mem, but only for VGA cards related memory - PCI regions that
belong to VGA cards, and 0-0x110000 (for drivers that use the bios).
Of course, depending on the video card and the system, access to the
video card's registers might be equivalent to access to all system
memory, but it does add another layer of security.
See the driver at
http://www.arava.co.il/matan/svgalib/svgalib-1.9.17.tar.gz
-- Matan Ziv-Av. matan@svgalib.org- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Aug 07 2003 - 22:00:22 EST